Fake Apple Family Sharing invite — "someone added you to their Family Sharing group / Screen Time invite" from non-Apple sender; harvests Apple ID credentials via invite-acceptance phishing page (2025 Bleeping Computer / Malwarebytes)
fake-apple-family-sharing-invite-lure
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Fake "someone added you to their Apple Family Sharing group" / "Screen Time invite" / "iCloud family invitation" email from a non-Apple sender. iOS 17+ Family Sharing grants significant shared access once the invite is accepted — iCloud Photos, Apple Music purchase history, Apple ID location, and on managed / supervised devices, Screen Time parental-control permissions. Attackers craft invite-lookalike emails; a recipient who clicks through lands on a phishing page that harvests Apple ID credentials. Bleeping Computer and Malwarebytes documented multiple 2025 campaigns targeting iOS users. Fires when the body references Apple Family Sharing / Screen Time / iCloud family group AND contains invite-acceptance language (accept the invitation, approve Screen Time, join the family group, click to view invitation). Excludes known Apple domains (apple.com, icloud.com, me.com, mac.com, privaterelay.appleid.com, appleid.apple.com, mzstatic.com), reply threads (family member sharing through in-thread coordination), and newsletters discussing the technique. Auto-classified as danger via the `-lure` suffix.
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started