Wired.Com is reporting: The attack comes simply from scammers sending a wave of calendar event invites to Google Calendar users. The goal is to take advantage of a default setting that the targets' calendars will automatically add any event and send a notification about it. So scammers preload the text of the event entry with a phishing link and a short line to entice targets to click. The defense is obvious: Event Settings > Automatically Add Invitations, and then select the option "No, only show invitations to which I've responded." Also, under View Options, make sure that "Show declined events" is unchecked, so malicious events don't haunt you even after you decline them. see the article for details.