Callback phishing via Google Meet

Sublime Rules

Summary
This detection rule identifies callback phishing attempts delivered through Google Meet invitations. It targets invitations that impersonate reputable brands such as McAfee, Norton, PayPal, and Best Buy and that combine purchase-related language with a phone number the victim is meant to call. The rule inspects inbound emails and requires two attachments of type 'text/calendar' or with the 'ics' extension, a subject that starts with 'Invitation:', and a link in the body pointing to Google Meet. It then uses a regex to search the email body for brand names known to be involved in phishing schemes and verifies that at least three purchase-related terms are present. Finally, it checks for a toll-free phone number format in the text of the email or the subject line, which is characteristic of phishing emails. This content analysis helps to mitigate the risk of successful phishing attacks via Google Meet invitations.
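The conditions in the summary can be walked through in Python as an added illustration; this is not the Sublime rule's own source. The purchase-term list, the toll-free prefix pattern, the message dictionary layout and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Assumed lists: the page names four brands and no specific purchase terms.
BRANDS = re.compile(r"\b(?:mcafee|norton|paypal|best\s?buy)\b", re.I)
PURCHASE_TERMS = ("purchase", "invoice", "order", "payment", "subscription",
                  "renewal", "charged", "refund", "transaction")
# Assumed pattern: North American toll-free prefixes (800/833/844/855/866/877/888).
TOLL_FREE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_calendar(att):
    return (att.get("content_type", "").lower() == "text/calendar"
            or att.get("filename", "").lower().endswith(".ics"))

def meet_link(body):
    # Compare the parsed hostname so lookalike hosts do not match.
    return any(urlparse(u).hostname == "meet.google.com" for u in URL.findall(body))

def check(msg):
    """Evaluate each condition from the summary; returns name -> bool."""
    body, subject = msg["body"], msg["subject"]
    terms = {t for t in PURCHASE_TERMS if re.search(rf"\b{t}\b", body, re.I)}
    return {
        # Interpretation: exactly two calendar-type attachments.
        "two_calendar_attachments": sum(map(is_calendar, msg["attachments"])) == 2,
        "invitation_subject": subject.startswith("Invitation:"),
        "meet_link": meet_link(body),
        "brand": bool(BRANDS.search(body)),
        "purchase_terms": len(terms) >= 3,
        "toll_free": bool(TOLL_FREE.search(body) or TOLL_FREE.search(subject)),
    }

def is_callback_phish(msg):
    return all(check(msg).values())

# Constructed sample messages (not real traffic).
ICS = [{"content_type": "text/calendar", "filename": "invite.ics"},
       {"content_type": "application/ics", "filename": "invite.ics"}]
PHISH = {"subject": "Invitation: Order confirmation @ Thu", "attachments": ICS,
         "body": "Your Norton subscription renewal was processed and a payment of "
                 "$399.99 was charged. To dispute this transaction call "
                 "1-888-555-0142. Join: https://meet.google.com/abc-defg-hij"}
BENIGN = {"subject": "Invitation: Weekly sync @ Mon", "attachments": ICS,
          "body": "Agenda: roadmap review. Join: https://meet.google.com/xyz-abcd-efg"}
```

Returning the per-condition results from `check` shows which clause failed when tuning term lists against false positives such as the ordinary invitation in `BENIGN`.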
Categories
  • Identity Management
  • Cloud
  • Web
Data Sources
  • Web Credential
  • User Account
  • Application Log
Created: 2025-12-04