Phishing attackers are now using Google Calendar invites with the aim of stealing user credentials. The attackers are spoofing invites for the popular Google scheduling app, allowing them to bypass email protections. The campaign uses modified “sender” headings to make the emails appear as though they are being sent directly via Google Calendar from a legitimate entity. This phishing operation has a massive attack surface as the application is used by over 500 million people around the world. 

Read more: https://www.darkreading.com/cyberattacks-data-breaches/phishers-spoof-google-calendar-invites-global-campaign