There is a Forbes article that unravels a vulnerability that has been well known since 2017. Forbes puts the attack in plain and simple language, “Google Calendar allows anyone to schedule a meeting with you…whereby the threat actor can use this non-traditional attack vector to bypass the increasing amount of awareness amongst average users when it comes to the danger of clicking unsolicited links.” Ways to combat the attack are below:
This includes delving into Calendar settings and changing the “Event” configuration from “Automatically add invitations” to “No, only show invitations to which I have responded.” Users are also advised to remove the automatic adding of events function from Gmail by configuring the “Events from Gmail” option so that the “Add automatically” box is unchecked.
Forbes
cybersqueeze 