What Is A Phishing Scam Uses Fake Party Invitations To Steal Logins
A new phishing scam is turning fake party invites into a lure for what is a phishing scam. The emails mimic services like Paperless Post, Evite, and Punchbowl, and some arrive from accounts belonging to people recipients know.
That shift makes the messages feel ordinary before they ask for a password or trigger malware. One editor clicked a fake Punchbowl invitation that appeared to come from her sister-in-law, then saw a prompt for her Gmail password.
Rachel Tobac On The FOMO Trap
Rachel Tobac, the CEO of SocialProof Security, said the scam first appeared around last holiday season. She said the tactic works by pulling on basic human psychology, and she added: “Every few months, she noted to the publication, phishing schemes find a new emotional lever to pull — and the fear of missing out is a powerful one.”
That focus on fear of missing out gives the scam a different hook from older phishing emails that leaned on bank warnings, IRS threats, or parking tickets. It also means a message can look social rather than suspicious even before a user opens the link.
Paperless Post And Evite Red Flags
Olivia Pollock of Evite said the biggest warning signs are vague invitations with generic phrases like “birthday party” and “celebration of life.” A message that stays fuzzy about the event can give a recipient less reason to trust the sender before entering credentials.
Paperless Post has set up [email protected] for users who want suspicious invitations checked. That gives recipients a place to forward a strange invite instead of clicking through first, especially when the sender’s account may already have been compromised.
Malware Behind Dead Links
Some versions of the scam use a link that looks dead when clicked but still triggers malware in the background that harvests passwords and personal data. Other versions send users to a page that works normally and then asks for login credentials, which hands hackers access to personal accounts.
Chance Townsend, a general assignments editor at Mashable, said the fake Punchbowl message he received came from his sister-in-law’s account, and the prompt led him toward his Gmail password before he checked with her and learned the account had been hacked. The risk here is not just the invitation itself but the borrowed trust that comes with a familiar name.
2025 has already been defined by text-based scams, including fake E-ZPass toll notices, phony DMV warnings, fraudulent job offers impersonating Indeed, and IRS impersonators. Nearly a quarter of Americans have been the victim of a tax scam alone or know someone who has, according to a 2025 McAfee survey, which helps explain why another familiar-looking lure can still catch people off guard.
