Watch Out for Fake Email Invitations

A new wave of phishing emails is dressing itself up as a party invitation. Fake messages designed to look like they're from Evite, Paperless Post, Punchbowl, or another digital invitation service are landing in inboxes, often appearing to come from someone you know. Evite has confirmed a notable rise in these phishing scams this year, with messages that copy the brand's design and formatting almost exactly. One click can hand scammers your email password and, from there, access to every account that uses that email for password resets.

What makes this scam different from a typical phishing email is that it spreads through people you trust. If the sender looks like someone you know, their account may have already been hacked and used to send the same fake invitation to their entire contact list — including you.

Here's what to know.

How This Scam Works

• You receive an email that looks like an invitation from Evite, Paperless Post, Punchbowl, or another digital invitation service, often appearing to come from someone in your contacts.
• The subject line is usually a vague event like "Save the Date!" or "Party" or "Event" with no specifics about who, where, or when.
• The message includes a button or link to "RSVP here" or "View Invitation."
• Clicking the link doesn't take you to a party page. It takes you to a fake login screen asking for your email and password.
• Once you enter your credentials, scammers use them to log in to your real email account and send the same fake invitation to everyone in your contacts.
• With access to your inbox, they can also reset passwords on financial and shopping accounts that use email-based recovery.

What to Look Out For

• Sender domain doesn't match the real service. This is the single most reliable signal. Real invitations come only from the service's official domain — Evite emails, for example, come only from evite.com or verified subdomains of evite.com. A message that displays the brand name but is actually sent from a Gmail, Yahoo, Hotmail, or any personal email address is a phishing attempt.
• Look-alike domains. Scammers sometimes register addresses that are almost identical to the real thing, like "Eviite.com" instead of "Evite.com." Read the domain carefully, character by character.
• Hovered link doesn't go to the official domain. On a desktop, hover your mouse over the "View & RSVP" button before clicking. The destination URL appears at the bottom of your browser. For Evite, real links go to evite.com or evite.me. If a link in any invitation email doesn't go to the service's official domain, treat the email as phishing no matter how legitimate it looks.
• Vague event details. Real invitations include a host's name, a date, and a venue. Generic subject lines like "Save the Date!" with no event particulars are a red flag.
• Pressure to RSVP quickly. Phrases like "Immediate Action Required," "Your spot is not guaranteed," or messages full of exclamation marks and spelling errors are designed to rush you past your own scrutiny.
• A login screen appears. A real digital invitation never requires you to enter your email password, banking information, or sensitive account details just to view it. If clicking takes you to a login page, close the tab.
• Unexpected sender. A coworker from three jobs ago, a neighbor you barely know, or anyone whose name in your inbox feels out of character is worth a pause, even when the message looks real.

When in doubt, the simplest verification is the oldest one: pick up the phone and call the person who supposedly sent the invitation.

If You Already Clicked

• Don't click any other links in the email.
• If you entered any information, clear your browser's cookies and cache and run an antivirus scan on your device.
• Change your email password from a different device and turn on two-step verification.
• Report the email as phishing in your email client (in Gmail: three-dot menu → "Report phishing").
• If the message appeared to come from someone you know, let them know their account may have been hacked so they can secure it before it sends more fake invitations.
• Check your bank, credit card, and brokerage accounts for password-change notifications, unfamiliar logins, or transactions you don't recognize.

How Carefull Can Help

If you receive a suspicious invitation and aren't sure whether it's real, you can run it through Carefull's ScamCheck tool.

Beyond catching individual messages, Carefull's identity monitoring watches for unusual activity tied to your information, like new accounts opened in your name or sudden changes to your credit. If a phishing email leads to anything more serious downstream, Carefull alerts you early so you can act before real damage is done. And if something does go wrong, our U.S.-based Care Team is on hand to help you sort it out.

‍