New phishing scam targets your FOMO with fake party invitations
Source: Mashable Tech
New wave of invitation phishing
According to a report from the New York Times, a new wave of phishing scams is disguising itself as party invitations, spoofing the look of popular invitation platforms like Paperless Post, Evite, and Punchbowl.
In some cases, the phishing emails actually come from someone you know—a former colleague, an old college friend, a distant relative—with a compromised email account. That makes them significantly harder to spot as fake.
How the scam works
The scam works two ways, per the Times:
- Dead link – The link appears dead when clicked, but the click itself quietly triggers malware that harvests passwords and personal data in the background.
- Credential harvest – The link works and asks you to enter your login credentials, handing hackers full access to your personal accounts.
One Mashable editor received a phishing email disguised as a Punchbowl invitation from her sister‑in‑law and clicked the link. When the website prompted her to enter her Gmail password, she contacted her sister and confirmed the email account had been hacked.
Expert insights
Rachel Tobac, CEO of cybersecurity firm SocialProof Security, told the Times the scam first appeared around last holiday season. Its effectiveness stems from basic human psychology: every few months, phishing schemes find a new emotional lever to pull, and the fear of missing out is a powerful one.
Evite’s VP of brand, Olivia Pollock, noted that fake invitations tend to be vague. Generic phrases like “birthday party” or “celebration of life,” rather than the specific, niche events most real invitations advertise, are the biggest red flags.
Red flags & verification
- Vague event descriptions.
- Misspellings or inconsistent branding.
- Unexpected sender, even if the name looks familiar.
In response to these scams, Paperless Post has set up a dedicated email address — [email protected] — for users to submit suspicious invitations for verification.
What to do
- Trust your instincts – If an invitation feels off, don’t click any links.
- Report – Forward phishing emails to your email service provider or use the platform’s abuse/report feature.
- Delete or ignore – Remove the email from your inbox to avoid accidental clicks.
You can also report phishing emails directly to the platform (e.g., Paperless Post at [email protected]).
Have a story to share about a scam or security breach that impacted you? Email [email protected] with the subject line “Safety Net” or use this form. Someone from Mashable will get in touch.