Invitation scams that mimic legitimate online event services are spreading fast, and Chris Wright says the tactic works because it borrows trust people already have in familiar brands. The messages can look like a wedding RSVP, a higher-stakes event invitation, or even a routine business notice, but the goal is the same: get the recipient to click a malicious link or hand over login information.
Wright said scammers lean on names people recognize, including Evie, Microsoft, Google and DocuSign, to create what he called “borrowed credibility.” He said some messages arrive in a formal RSVP format that resembles an email invitation to “a wedding or a higher stature event or something like that,” making the pitch feel ordinary before it turns dangerous.
The threat matters now because the scams are becoming more polished at the same time people are spending more of their personal and professional lives online. Wright said one common version sends a fake login page that appears to be from Microsoft or Google and tells the recipient they must sign in to view the invitation. He said the web address often exposes the trick: “If you actually look at the URL, it’s going to be nothing that looks like Microsoft or Google or anything that it says it is,” Wright said.
The same approach is showing up in business settings, where the scam can be tailored to different email providers and brands. Wright said some fake login pages are built to match the recipient’s own service, including “a very convincing looking Gmail logon page” for Gmail users. Others offer several login buttons at once, such as Microsoft, Google or Yahoo, in an effort to capture usernames and passwords no matter which account the victim chooses.
There is another version that is even more damaging. Wright said some invitations ask the user to download an executable file that appears to contain the event details. “In all actuality, that executable file just gave the attacker remote access to your computer,” he said, turning a simple click into a full compromise of the device.
That is why the advice is blunt. Wright said people should “Slow down,” inspect messages carefully and check sender details before reacting. If an email only shows a display name, he said users should click to reveal the full address. He also urged people to hover over links before opening them so they can preview where the link really leads. Unexpected messages that create a feeling of “I did get that,” he said, are often the ones most likely to be scams.
The basic lesson is that phishing is no longer limited to clumsy fake notices with obvious spelling mistakes. Today’s invitation scams are built to look polished, timely and social, which makes them harder to spot at a glance. For anyone wondering what is a phishing scam, this is the modern answer: a message that trades on trust, pressure and familiarity to get inside your account or your computer.
