This hoax phishing email sends the recipient an invitation using popular invitation apps. It may be from an unknown sender, or even a known sender with a compromised email account.
What makes this a phishing message?
The party or event invitation is used to trick recipients into downloading and opening a file. The file is not an invitation but malware that will installing a full remote access tool on their computers.
This phishing scam is written to look like it came from a friend or acquaintance, increasing trust. The message is deliberately informal which lowers suspicion and encouraging quick action.
Tips if Something Seems Off:
The lure is for a friendly positive event, like a party or dinner. The attempt is to generate curiosity.
Although opening an invitation may seem low risk, the files are disguised malware that will allow the bad actor remote access to the recipient's computer.
Confirm with the sender in a different message of channel to confirm if the email is legitimate before downloading or opening any file
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
- Open the message
- To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
- Then 'Report phishing'
- For suspicious messages received by text, please take a screen shot and forward the message to phishing@berkeley.edu(link sends e-mail) For more information visit https://security.berkeley.edu/resources/phishing
Original Message:
