Evite Phishing Attacks Are On The Rise; Here's How To Stay Safe

The rising threat of phishing via festive invitations

During the Christmas and New Year season, email inboxes were flooded with invitations, marking a time of joy and celebration. However, amid the cheerful greetings, a new threat emerged–an Evite scam. As part of this scam, the victim is lured into clicking on a seemingly legitimate invitation, only to fall prey to a phishing attack that alters passwords and security questions. NBC Chicago’s PJ Randhawa brings attention to this phishing scheme, urging users to exercise caution and stay vigilant.

Louise Martell recently experienced the malicious side of holiday festivities when she innocently clicked on an Evite sent by a friend. The action triggered a phishing email chain, locking her out of her account. When she checked with her friend, she denied sending any such Evite.

"She told me that it was bogus. It wasn't from her. She had gotten an Evite from someone at church, it was also a fake Evite," Martell said. After regaining access to her account with the help of AT&T, she discovered that the attackers had utilized her compromised account to send out more fraudulent Evites, perpetuating the scam. 

Investigations by NBC 5 Responds reveal that Evite, the company responsible for the email invitations, issued a security alert back in 2019 following a data breach on their site. The breach exposed critical user information, including names, usernames, email addresses, and passwords. Cybersecurity experts believe that information exposed in previous breaches can resurface years later, reinforcing the need for perpetual vigilance.

Receiving a surprise invitation for an online event may not immediately raise suspicions. With an increasing number of businesses and acquaintances utilizing online platforms for social gatherings, unexpected invitations are becoming more common. However, it's important to exercise caution and verify the sender before taking any action. If the invitation appears to be from a business, it's advisable to consider whether you are subscribed to receive promotional emails from that particular company.

Tips to stay safe from Evite scams

Verify the sender: Always confirm the legitimacy of the Evite sender before clicking on any links. Reach out to the person directly through a trusted communication channel to verify the invitation.

Check for red flags: Look for suspicious elements in the invitation, such as generic language, misspellings, or unusual sender email addresses. Legitimate Evites typically include personal touches and accurate information.

Use two-factor authentication: Enable two-factor authentication on your email and Evite accounts for an extra layer of security. This helps protect your account even if your password is compromised.

Stay informed: Keep abreast of security alerts and updates from Evite and other online platforms. Awareness of potential risks is crucial in maintaining a proactive stance against evolving cyber threats.

Report suspicious activity: If you encounter a suspicious Evite or believe you've fallen victim to a phishing attempt, report it to Evite and your email provider immediately. Early reporting can help mitigate the impact on both you and others.

In many cases, event invitations come from individuals, such as acquaintances from social media, colleagues from your workplace, or old friends. While recognizing the sender's name may provide some reassurance, it's not a foolproof method to determine the invitation's safety. Therefore, it remains essential to proceed with caution. 

In a world where cyber threats continue to evolve, Martell's experience is an example of the impact of data breaches. Users are urged to prioritize cybersecurity hygiene, stay informed about potential risks of scams, and take proactive measures to safeguard their personal information.