Attackers are using a new form of hacking through Google Calendar notifications that incite users on clicking the invites, leading to the opening of a link. This link, which is a phishing URL, asks for personal information like credit cards, which is then sent to criminals for malicious intent.
These notifications are dangerous because they appear harmless; people are used to quickly clicking on a notification on their phone, so many view these messages as innocent.
Google Calendar is not the only app which these hackers use for crime. Other Google apps, like Handouts, Analytics, Ads, and Photos all have these notifications that can lead victims into opening a dangerous link. For instance, an email titled "Friend shared this photo with you" could be a malicious virus email.
Currently, Google is working on getting rid of these criminals, but for now users can protect themselves by turning off automatic adding of invites to calendars, and to avoid putting personal information into unknown links.