Phishing Attempt - [Invitation] Attn: Beneficiary

I've seen a number of Phishing attempts in my time, never one that had an attached 'invite.ics' file from Google Calendar. Since it came through as an Invitation, there were no full Internet Headers to trace the path.

I did save the 'invite.ics' file and opened it in Notepad. Here is that text.

BEGIN:VCALENDAR
PRODID:-//Google Inc//Google Calendar 70.9054//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VEVENT
DTSTART:20080305T050000Z
DTEND:20080305T060000Z
DTSTAMP:20080304T174202Z
ORGANIZER;CN=patrick moore:MAILTO:patrickmoor2004 @ [removed].com
UID:ik2fh7vpcee0t4p13o347oho1c@google.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;X-NUM-GUESTS=0:MAILTO:keeper@psu.edu (this is my email)
CLASS:PRIVATE
CREATED:20080304T174158Z
DESCRIPTION:[removed]
LAST-MODIFIED:20080304T174158Z
LOCATION:
SEQUENCE:0
STATUS:CONFIRMED
SUMMARY:Attn: Beneficiary
TRANSP:OPAQUE
END:VEVENT
END:VCALENDAR

There were links that asked

Will you attend?

Yes |No |Maybe

In breaking down the links, they all went to the same address. Here they are in four parts.

aWsyZmg3dnBjZWUwdDRwMTNvMzQ3b2hvMWMga2VlcGVyQHBzdS5lZHU

aWsyZmg3dnBjZWUwdDRwMTNvMzQ3b2hvMWMga2VlcGVyQHBzdS5lZHU

aWsyZmg3dnBjZWUwdDRwMTNvMzQ3b2hvMWMga2VlcGVyQHBzdS5lZHU

&rst=1&tok=MjUjcGF0cmlja21vb3IyMDA0QGdtYWlsLmNvbTRlOGM0ZWM1MTZlYT

&rst=2&tok=MjUjcGF0cmlja21vb3IyMDA0QGdtYWlsLmNvbTRlOGM0ZWM1MTZlYT

&rst=3&tok=MjUjcGF0cmlja21vb3IyMDA0QGdtYWlsLmNvbTRlOGM0ZWM1MTZlYT

g2YTRlOGZkZGEwYzZhMjY2OGRkZDQyNWExODA&ctz

g2YTRlOGZkZGEwYzZhMjY2OGRkZDQyNWExODA&ctz

g2YTRlOGZkZGEwYzZhMjY2OGRkZDQyNWExODA&ctz

=Pacific%2FHonolulu&hl=en

=Pacific%2FHonolulu&hl=en

=Pacific%2FHonolulu&hl=en

So in the classic shell game, any answer would have confirmed my email address as being "live" and could have been used for more Spam.

As further indication of human engineering, the Phisher is on Honolulu time. Lucky them.

Never seen one of these attempts. Interesting.