You’re Invited! (You’re invited to have your email account hacked, that is!)
Have you received a digital invitation lately? Maybe a beautiful email asking you to join a lovely gathering, a party, or a cookout? Before you click that “RSVP” button to say yes to the potato salad, hold your horses!
There is a massive wave of phishing scams making the rounds right now. Scammers are doing a masterful job of impersonating popular online invitation services like Paperless Post, Evite, and Punchbowl.

Here is what you need to know to keep your computer—and your email account—safe.
The Bait: “You’re Invited!”
Most scams try to scare you into clicking a link (like threatening to shut down your bank account). But this one plays on your good nature and curiosity. The scammers are using lovely, polite subject lines to get you to lower your guard. Watch out for emails with subjects like:
-
“Please join us for a lovely gathering…”
-
“Shhhhh… It’s a surprise!”
-
“You’re invited!”
-
“You’re invited to a graduation celebration”
They look polished, they look professional, and worst of all, they often look like they came from a friend, a family member, or someone from your church.
How the Miscreants Pull It Off
These fake invitations look exactly like the real thing. They steal the logos, colors, and layouts of the real company. But the moment you click that “View Invitation” or “RSVP” button, the trap springs.
Depending on the version of the scam, one of three things happens:
-
The Password Trap: You’re taken to a fake page that claims you need to “log in with your email and password” just to see the invitation. (Spoiler: The moment you type it, the bad guys have your password!)
-
The Verification Trick: They ask you to enter a one-time code sent to your phone or email, allowing them to bypass your security.
-
The Malware Delivery: The site tries to sneak a nasty malware download onto your computer or redirects you through a maze of malicious websites.
Why is it so convincing? In many cases, the friend who “sent” you the invite actually got hacked themselves. The scammers used their real email address to send the fake invite to everyone in their address book.
How to Spot the Fakes
You don’t have to be tech-savvy to beat these guys. Just use these simple rules of thumb:
-
Check the Sender’s Address: This is the easiest giveaway. A real invitation will come directly from the company’s official domain (like
paperlesspost.comorevite.com). If the invitation comes from a regular personal email account (like your friend’s personal @gmail.com or @yahoo.com address), do not click it. -
The Golden Rule: A legitimate invitation from Paperless Post or Evite will never ask you to type in your email password just to open and look at the card. If it asks for a password, close the tab immediately!
-
Look Before You Leap: Hover your mouse cursor over the RSVP button without clicking it. Look at the bottom corner of your screen to see where the link is trying to take you. If it doesn’t point to the company’s official website, it’s a scam. DO NOT CLICK THAT LINK!
What the Real Companies (and the FTC) Are Saying
The folks at Evite and Paperless Post want you to know that their systems have not been breached. The hackers are just copying their brands. They recommend never entering your email credentials to open a card and contacting the host through another method if you’re unsure whether an invitation is genuine.
Even the Federal Trade Commission (FTC) issued an official warning about this exact “You’re Invited” scam. They advise everyone to keep their guard up, never click unexpected links, and to ensure you have Two-Factor Authentication (2FA) turned on for your email accounts. If you did accidentally type your password into one of these fake invites, change your email password immediately!
This is serious stuff. We know of several people who were locked out of their Gmail accounts because a hacker hijacked their account and used it to attempt to send a massive amount of spam. They had to jump through hoops to get their Gmail account back.
BE SMART AND THINK BEFORE YOU CLICK!
