Party Foul: Invitation E-Mail Scam

The party’s over the minute you accept this invitation.

Let’s get right to the meat of this: never accept an email link or attachment that requests your logins and passwords, even if it is from a sender you THINK you recognize.

My wife thought she recognized the sender of the party invitation that came in her Outlook email. It cost her a 20-minute account recovery session with Microsoft.

Here’s what happened…

My wife received an unsolicited party invitation from the email address of my aunt (my dad’s sister). It was, indeed, my aunt’s accurate email address. The email contained a party invitation from what appeared to be PunchBowl, a legitimate party and event invitation platform. The invitation simply said, “Shh…open me for a surprise!”

Without reaching out to my aunt to see if she actually sent the invitation, my wife took the bait. She clicked on the invitation. It immediately prompted her for her Outlook login and password.

She typed them in. Nothing happened.

Until it did…

In a few minutes, she was locked out of her Outlook email account. She had given up her login and password to a malware attack. She alerted me, I contacted my aunt and discovered my aunt’s Outlook account had been compromised. My wife was the third person in my aunt’s contacts to receive the fake PunchBowl invitation. I explained to my wife what happened and how she needed to contact Microsoft immediately to recover her account. Luckily, Microsoft was on its game, but it took a tense 20 minutes before it could recover my wife’s account and allow her to change her login credentials.

This party invitation malware attack on my wife is the hottest new phishing scam. It was even a Maryland credit union’s Scam of The Week back in March. “(The fake party invitation) you receive will come from an individual, perhaps someone you’re connected with on social media, someone from your company, or an old friend,” wrote cybersecurity products company Kapersky in this blog about the scam. “Recognizing the sender’s name is not a surefire way to know that the invite is safe.”

The two surefire ways to know the invite is NOT safe is:

1. If the sender is someone you know, contact the sender directly and separately from the invitation. Ask them if they actually sent the invitation.

2. The link attachment itself. If it requests your personal information, it’s a malware attack. Providing your information or even clicking on the link itself could result in malware being installed on your device. It could jeopardize not only the login and password information you provided, but also EVERY password, account number and login stored in your computer.

PunchBowl, the real event invitation company, put out its own warning about the party invitation scam. “Legitimate emails (or invitations) from PunchBowl will never contain an attachment,” PunchBowl wrote in its online warning message.

The company recommended taking these steps if you received the party invitation scam email, whether it appears to be a PunchBowl invitation or any other company’s invitation:

• Do not open it, and do not click on any links within the email if you do.
• Please forward the email to help@punchbowl.com (or the real help email address of the company in question). It’s possible that someone has created an email to look like an Invitation or Card from PunchBowl or another legitimate invitation vendor.
• Mark the email as spam within your inbox.
• If recipients have received an Invitation or Card from you that you didn’t send, we recommend that you update your email account password.

Again, the two takeaways you should remember about the party invitation scam: always VERIFY the sender, and if there’s an attachment that requests your personal information, do NOT click on it or comply with its request.

Trust me, this is one party you’ll want to miss.

Copyright 2024 Wise ChoicesTM. All rights reserved.