A new phishing scam is targeting internet users through fake party invitations that imitate the appearance of popular invitation platforms, using curiosity and fear of missing out to lure victims into clicking malicious links or entering login credentials.
The scam was reported by Mashable in an article published on April 28, 2026, citing a New York Times report. According to the visible account, the phishing emails are disguised as invitations from services such as Paperless Post, Evite and Punchbowl, making them appear familiar and credible to recipients.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Fake Invitations Used as Phishing Bait
The scam relies on vague party invitations arriving in users’ inboxes, sometimes appearing to come from long-distance acquaintances such as former colleagues, old college friends or distant relatives. In some cases, the emails are sent from compromised accounts, which can make them harder to identify as fraudulent.
One Mashable editor reportedly received a phishing email presented as a Punchbowl invitation from her sister-in-law. After clicking the link, she was prompted by the website to enter her Gmail password. She then contacted her sister and confirmed that the email account had been hacked.
Links May Steal Data or Capture Credentials
The phishing attempt works in two ways, according to the report cited in the screenshots. In one version, the link appears to be dead after it is clicked, but the click itself can quietly trigger malware that harvests passwords and personal data in the background. In another version, the link opens a page that asks users to enter login credentials, handing attackers access to personal accounts.
Rachel Tobac, CEO of cybersecurity firm SocialProof Security, told the Times that the scam first appeared around the last holiday season. She said its effectiveness comes from basic human psychology, as phishing schemes regularly look for new emotional triggers and the fear of missing out can be a powerful one.
Warning Signs and Reporting Measures
Fake invitations tend to be vague, according to Evite’s vice president of brand, Olivia Pollock, who also spoke with the Times. Generic phrases such as “birthday party” or “celebration of life” may be red flags when they lack the specific details that legitimate invitations often include.
Users are advised to trust their instincts when an unexpected invitation feels unusual, avoid clicking suspicious links and report phishing emails to their email provider, delete them or ignore them.
The invitation scam follows a broader rise in phishing schemes, including fake E-ZPass toll notices, phony DMV warnings, fraudulent job offers impersonating Indeed and IRS impersonation attempts. A 2025 McAfee survey cited in the article said nearly a quarter of Americans had either been victims of a tax scam or knew someone who had.
