Asked to enter your email address and password to open a party invite? That’s a scam

It’s graduation and summer party season. The FTC is getting reports about unexpected “You’re invited” texts and emails that are actually phishing scams. These fake invitations ask for your email login credentials or a special pass code to open them, but don’t do it. Learn how these phishing scams work and how to protect yourself if you get one.

Scammers send unexpected messages that look like they're from well-known invitation platforms like Evite or Paperless Post. Some messages list someone you know as the host and make you enter your email username and password to see event details. Some messages tell you to enter a phone number and share a special code to RSVP. That’s not how real invitations work. This is just a scammer trying to steal (or reset) your account information. If they get in, they might take over your email account and send the same scam to your contacts.

If you get an unexpected invitation like this, resist the urge to click. Instead, check with the host to make sure it’s real.

To help protect yourself from phishing texts and emails:

• Keep security software updated. Set your computer software to update automatically so it will deal with any new security threats. Update your phone's software regularly, too.
• Use two-factor authentication. Taking extra steps to verify who you are makes it harder for scammers to log into your accounts if they get your username and password.
• Act quickly. If you think a scammer has your email account information, change your password to create a new, strong passphrase right away. Then, go to IdentityTheft.gov for specific steps to take based on other information you may have lost.

Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org and texts to SPAM (7726). Then, report the phishing attempt to the FTC at ReportFraud.ftc.gov.