As graduation ceremonies and summer parties fill calendars across the US, scammers are exploiting the excitement with a new phishing scam disguised as digital invitations. The warning comes after the US Federal Trade Commission (FTC) received reports of fake messages pretending to come from popular invitation services such as Evite and Paperless Post. The messages appear harmless at first glance. Some even use the name of a friend or family member as the host.
Behind the cheerful invitation sits a carefully designed scam aimed at stealing email credentials and gaining access to personal accounts. Cyber criminals have long relied on urgency and curiosity to trap victims. This latest campaign blends both tactics into a convincing phishing attack that targets people during one of the busiest social periods of the year.
How the Scam Works
Victims receive a text message or email claiming they have been invited to a party, graduation celebration, wedding or summer gathering. The message usually contains a link to view event details or RSVP. Once clicked, users are directed to a fake login page that asks for an email address and password.
In some cases, the site requests a phone number and a verification code sent by text message. Fraudsters then use that code to bypass security protections and gain control of accounts. The FTC said legitimate invitation platforms do not ask users to hand over email passwords simply to view an invitation. Once scammers gain access to an email account, they can spread the same fraudulent messages to contacts, making future invitations appear more convincing.
Why the Scam Is Spreading
Phishing attacks often succeed because they exploit emotion rather than technical weakness. A message about a celebration or gathering does not immediately raise suspicion. Many people respond quickly without checking links carefully, especially when the message appears to come from someone they know.
Scammers also benefit from timing. During graduation season and summer holidays, people expect invitations, travel confirmations and social updates. Fraudulent messages blend easily into the stream of daily notifications. The emotional pressure can be effective. Many people fear missing an important event or ignoring a friend's invitation. Fraudsters use that instinct to encourage quick action before victims stop to think. The FBI and FTC have repeatedly warned that phishing scams increasingly rely on impersonation and psychological pressure to gain access to accounts.
Warning Signs to Watch for
The FTC advises users to pause before interacting with unexpected invitations. One major warning sign is any request for login credentials outside a trusted website. Another is pressure to enter verification codes sent by text message.
Poor spelling, unusual website addresses, and generic greetings can also signal fraud, although many modern phishing attempts now appear polished and professional. If an invitation seems suspicious, users should contact the supposed host directly through another method before clicking any links. Typing the official website address manually into a browser is also safer than opening links from emails or text messages.
How to Protect Yourself
The FTC urges users to keep security software updated across phones, tablets, and computers. Automatic updates help block new threats as they emerge. Officials also recommend enabling two-factor authentication on email and social media accounts. This adds another layer of protection if passwords are stolen.
People who believe they entered their credentials into a fake website should act immediately. Changing passwords quickly can stop attackers before they fully access an account. The FTC also advises users to create strong passphrases rather than simple passwords reused across multiple accounts. Suspicious emails can be forwarded to the Anti-Phishing Working Group at reportphishing@apwg.org. Fraudulent text messages can be reported by forwarding them to SPAM at 7726.
Consumers can also report phishing attempts directly through the FTC's fraud reporting portal. As digital scams become more sophisticated, officials warn that caution remains one of the strongest forms of defence. A simple invitation may appear friendly on the surface, but one careless click can expose personal data, contacts, and private accounts to criminals.
