New phishing scam targets your FOMO with fake party invitations
Phishing scams have always tried to trick you into clicking malicious links, often relying on scare tactics — fake bank alerts, IRS threats, parking tickets, the works. The new playbook is a little more devious: They're targeting your FOMO instead.
According to a report from the New York Times, a new wave of phishing scams is now disguising itself as party invitations, spoofing the look of popular invitation platforms like Paperless Post, Evite, and Punchbowl.
In some cases, the phishing emails actually come from someone you actually know — a former colleague, an old college friend, a distant relative — with a compromised email account. That makes them significantly harder to clock as fake.
One Mashable editor received a phishing email disguised as a Punchbowl invitation from her sister-in-law and clicked the link. However, when the website prompted her to enter her Gmail password, she contacted her sister and confirmed her email account had been hacked.
The scam works two ways, per the Times. In one version, the link appears dead when clicked, but the click itself quietly triggers malware that harvests your passwords and personal data in the background. In the other, the link works, and asks you to enter your login credentials, which then hands hackers full access to your personal accounts.
Rachel Tobac, CEO of cybersecurity firm SocialProof Security, told the Times the scam first appeared around last holiday season and that its effectiveness stems from basic human psychology. Every few months, she noted to the publication, phishing schemes find a new emotional lever to pull — and the fear of missing out is a powerful one.
Fake invitations tend to be vague, according to Evite's VP of brand Olivia Pollock, who also spoke with the Times. Generic phrases like "birthday party" or "celebration of life," rather than the specific, niche events most real invitations advertise these days, tend to be the biggest red flags.
In response to these scams, Paperless Post has set up a dedicated email address — phishing@paperlesspost.com — for users to submit suspicious invitations for verification.
Want to learn more about getting the best out of your tech? Sign up for Mashable's Top Stories and Deals newsletters today.
The invitation scam is the latest in a long line of phishing schemes that have proliferated over the past few years. As Mashable has covered extensively, 2025 was defined by text-based scams in particular. Common examples include fake E-ZPass toll notices, phony DMV warnings threatening to suspend your license, fraudulent job offers impersonating Indeed, and IRS impersonators pressuring victims to pay up before they have time to think.
Nearly a quarter of Americans have been the victim of a tax scam alone, or know someone who has, according to a 2025 McAfee survey. All of these phishing tactics rely on the same tricks — urgency, familiarity, and just enough plausibility to make you act before you think.
So, the bottom line is this: If you get an unexpected invitation and something feels slightly off, trust that instinct before you click.
You can report phishing emails to your email service provider, delete them, or simply ignore them.
Have a story to share about a scam or security breach that impacted you? Tell us about it. Email submissions@mashable.com with the subject line "Safety Net" or use this form. Someone from Mashable will get in touch.