Opening an electronic invitation from a familiar name may seem harmless, but cybersecurity experts warn it could be a gateway for scammers to steal personal information and money.
Alexis Moser, who runs a preschool, said she fell victim to a phishing scam after receiving what appeared to be an invitation from a friend known for hosting events.
“I checked my email, and it looked like I had an invitation from a friend who normally throws fundraisers and galas,” Moser said.
When she clicked the link, she was prompted to choose an email provider and log in. After entering her credentials and completing a multi-factor authentication request, the screen went blank.
Within hours, Moser said she began receiving messages from contacts asking about an invitation she had supposedly sent.
“And I was like, ‘Oh, this must have been a scam,’” she said.
Moser warned her contacts not to respond and changed her email password. But days later, she discovered the impact had gone further.
“When I checked the transaction history, there were three relatively small transactions that totaled $5,500,” she said.
Cybersecurity experts said this type of attack is a phishing scheme designed to capture login credentials.
“They will ask people to go to a page and will ask the people to authenticate, to put their credentials on the page—username and password,” said Pablo Molina, chief information officer at Drexel University. “But because the page is fake, any information we put in there will be stolen by the cybercriminals.”
Molina said victims should act quickly if they suspect they’ve been targeted.
“The most important part, particularly if any of our money or credit card transactions are at risk, is to contact your financial institutions,” he said.
Moser said her bank was able to recover most of the stolen funds.
Experts also warned that legitimate invitation services will not ask users to log in or download content to view an invite. Requests for credentials should be treated as a red flag.
Paperless Post, an online invitation platform, said it is aware of phishing campaigns impersonating its brand.
“We are aware of these phishing campaigns impersonating online invitation platforms, including our brand, and we are actively working to combat them,” the company said in a statement. “It’s important to clarify that these scams are not the result of any breach in our systems.”
The company advises users to verify invitations by checking that emails come from an official domain, such as @paperlesspost.com, and that links direct only to its official websites. It also said legitimate invitations will never require users to log in or download files to view them.
Moser said the experience has changed how she approaches digital communications.
“If you receive something from a friend, family member—whoever—hang up and call them,” she said. “It looked like a real invitation.”
