Pennsylvania Attorney General Dave Sunday is warning consumers about a new phishing scam using fake digital invitations sent from compromised email accounts.
The scam tricks users into clicking RSVP links that may steal login credentials or install malware on devices.
Officials urge consumers to verify invitations directly with senders and avoid entering passwords through invitation links.
If you get an email from a friend or family member inviting you to an event, don’t rush to accept it. It could be one of the latest schemes cooked up by scammers.
Pennsylvania Attorney General Dave Sunday has warned his constituents about a new phishing scam that uses fake digital invitations to steal personal information and compromise online accounts.
According to the attorney general’s office, scammers are sending emails that appear to come from friends or acquaintances inviting recipients to events, conferences, or birthday parties through online invitation platforms. The emails typically contain a link prompting users to view an invitation and RSVP.
Sunday said recipients who click the links may be asked to sign in using Google, Apple, Microsoft, or similar online accounts. Entering login credentials can result in email accounts being compromised or malware being installed on devices.
“Scammers are constantly evolving their tactics to appear more credible and trustworthy,” Sunday said in a statement. “If you receive an unexpected invitation that requires you to log in or provide personal information, take a moment to verify it directly with the sender — that extra step can protect your personal data and prevent serious harm.”
Red flag
The attorney general’s office emphasized that legitimate invitation services generally do not require users to sign in simply to view invitations. Officials also advised consumers to be cautious of generic invitations and to hover over links before clicking to confirm they direct users to legitimate websites.
Consumers are encouraged to verify invitations through a phone call or text message to the sender before responding. Officials said legitimate invitations will not ask users to enter passwords and rarely require downloads.
Anyone who believes their email account may have been compromised should immediately change passwords, enable two-factor authentication, and report suspicious emails to their provider as phishing attempts, according to Sunday.