What The Tech: E-vite scams on Facebook
BY JAMEY TUCKER, Consumer Tech Reporter
Fear of missing out can get you into trouble.
Scammers are using fake party invitations that appear to come from friends, family members, coworkers, and neighbors. At first glance, everything about the email looks legitimate. The invitation may come from a real Gmail account, include the sender’s email signature, phone number, website, and even a photo.
That’s exactly what happened to me. An invitation arrived in my inbox that appeared to come from a friend. Nothing about it seemed suspicious. But when I clicked the invitation on my computer, I wasn’t taken to a party page. Instead, I was directed to download an EXE file, a type of Windows program that can installmalicious software on a computer. The page even displayed a Norton Anti-Virus logo and an RSVP code. It looked convincing enough that many people would never suspect it was fake.
The scam works differently on smartphones. Instead of asking users to download software, victims may be asked to sign in with their email account. If they enter their username and password, they’re handing that information directly to the scammers.
Why It Looks Like It Came From a Friend
One of the most alarming parts of this scam is that the invitation often does come from a friend’s real email account. The friend likely received the same fake invitation, entered their login information, and unknowingly gave scammers access to their email account. Once inside, the scammers send
more fake invitations to everyone in that person’s contacts. That’s why these messages can be so convincing. They aren’t coming from a random email
address. They’re coming from someone you know and trust.
How to Protect Yourself
The best defense is skepticism. If you weren’t expecting an invitation, don’t click the link. Instead, contact the sender another way and ask if they really sent it.
A few other ways to protect yourself:
● Avoid downloading files attached to unexpected emails, especially EXE files.
● Keep your computer, smartphone, and web browser updated with the latest security patches.
● Turn on two-factor authentication for your email account and other important accounts.
● Never enter your email password after clicking a link in an email unless you’re absolutely certain the site is legitimate.
The Federal Trade Commission warns that legitimate invitation services should not require your email password just to view an invitation. If you’re being asked to sign in with your Gmail or Outlook credentials simply to see party details, that’s a major red flag.
What to Do If You’ve Already Clicked
If you entered your email password after clicking one of these invitations:
1. Change your password immediately.
2. Turn on two-factor authentication if you haven’t already.
3. Review your account’s security settings and look for any email forwarding rules youdidn’t create.
4. Let your contacts know your account may have been compromised.
This scam is spreading because it takes advantage of something we trust: invitations from friends.
If you receive a suspicious Evite or party invitation, don’t assume it’s legitimate just because you recognize the sender. That friend may already be a victim, too.
