The FTC warns that scammers may use “party invite” lures to trick people into entering email credentials. That credential harvesting can enable account takeover and scammers may use compromised accounts to spread the scam to the victim’s contacts.

The FTC says scammers are increasingly using social lures—like messages claiming you’ve been invited to a party—to get victims to enter sensitive login details. In these scams, the “invite” link often leads to a fake login or credential-harvesting page where the victim is asked to submit an email address and password. Once obtained, those credentials can be used to take over the victim’s accounts, including email and other services tied to the same login information. After the compromise, scammers may use the account to contact friends, family, or coworkers, sending the same party-invite message (or other phishing prompts) in a way that appears more legitimate because it originates from a trusted contact. The FTC advises consumers to treat unexpected invites as suspicious, avoid entering credentials from unsolicited links, and take steps such as changing passwords if they believe they entered their information. The agency also recommends enabling account protections where available to limit the damage from stolen credentials. Original source details are available via the FTC Consumer Alert.