A couple of months ago it was spam, now it is phishing

Jul 1, 2008 14:29 GMT  ·  By

It would seem that Google Calendar is plagued by all sorts of problems, the most recent of them being phishing attacks. Google representatives ask users to ignore suspicious messages and click the "Report Phishing" button instead of reading the message, opening links included in the message or downloading any attachments.

Phillip Lessen was one of the first to receive such a message. It was entitled "[Invitation] VERIFY YOUR ACCOUNT" and seemed to be sent by Google's customer care. The text of the message went on as follows: "we are sending it to every Gmail Email User Accounts Owner for safety. We are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account."

You were then asked to send a reply message containing personal info, such as your username and password. Things looked rather official up to that point, and someone less wary would certainly have fallen for it, but this is where the phishing attack gave itself away. Everything in the message had an air of truth about it, especially since a genuine Google Calendar event was inserted in the message. As a rule of thumb, you should always be cautious with any message that asks for such personal info as your username and password.

Phillip Lessen breaks it down for us: someone simply put down "customer" and "service" as his/her first and last name when setting up the account. An event entitled "Verify your account" was then created, and several Google Calendar users were invited to it. The message was indeed sent through Google, but on behalf of a malicious person trying to get hold of your account info.
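Because an invitation like the one described above really is delivered by Google, a check on the sending service will not flag it, and a filter has to look at the content instead. The following Python check is an added example, not part of the original article; the sample messages, the example.com addresses, the regular expressions and the function names are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Heuristics are assumptions for illustration; tune them against real mail.
ROLE_NAME = re.compile(r"\b(customer\s+(service|care)|support|admin|security)\b", re.I)
CRED_ASK = re.compile(r"\b(password|passcode)\b", re.I)
THREAT = re.compile(r"\b(verify|deleted|shutting\s+down|suspended)\b", re.I)

def build_invite(display_name, subject, body):
    """Build a constructed invitation e-mail (sample data, not a real message)."""
    msg = EmailMessage()
    msg["From"] = f'"{display_name}" <organizer@example.com>'
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    ics = ("BEGIN:VCALENDAR\nMETHOD:REQUEST\nBEGIN:VEVENT\n"
           f"SUMMARY:{subject}\nEND:VEVENT\nEND:VCALENDAR\n")
    msg.add_alternative(ics, subtype="calendar")  # the attached event
    return msg

def invite_findings(msg):
    """Return content-based reasons a calendar invitation looks like phishing."""
    findings = []
    if not any(p.get_content_type() == "text/calendar" for p in msg.walk()):
        return findings  # not a calendar invitation, out of scope here
    name, _addr = parseaddr(str(msg["From"]))
    if ROLE_NAME.search(name):  # account named like a company department
        findings.append("role-like display name")
    text = str(msg["Subject"]) + "\n"
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text += body.get_content()
    if CRED_ASK.search(text):  # legitimate invitations never need this
        findings.append("asks for credentials")
    if THREAT.search(text):
        findings.append("account-threat wording")
    return findings

# Constructed samples: one modelled on the message described, one ordinary.
PHISH = build_invite("customer service", "[Invitation] VERIFY YOUR ACCOUNT",
                     "Your account was among those to be deleted. "
                     "Reply with your username and password to verify.")
BENIGN = build_invite("Alice Example", "[Invitation] Team lunch",
                      "Lunch on Friday at noon.")

if __name__ == "__main__":
    for label, m in (("phish", PHISH), ("benign", BENIGN)):
        print(label, invite_findings(m))
```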