racheltobac Apr 23

Have you received a party invite that turned out to be fake (a scam!) in the last 6 months?!
I just broke down how this scam works for the @nytimes so dive into the 2 distinct paths this scam follows, how to catch it, and how to reduce its impact if you do click here:

https://www.nytimes.com/2026/04/23/style/invitation-phishing-scam.html

New Phishing Scam: Fake Invitations

Hackers are spoofing Paperless Post, Evite and Punchbowl to creep into your hard drive.

The New York Times
Show threadJason Petersen (he)Apr 23

@racheltobac @nytimes Maybe I'm missing the "how this works" part, but it sounds like it's just "don't install malware" and "don't reuse passwords"?

This is just phishing with a particular flavor, no?

Show threadracheltobac Apr 24
@jason big long thread answering those questions here if you prefer! https://x.com/racheltobac/status/2047429189301625151?s=46&t=NyA6Hhhifs99eqUAKlHl2Q
Rachel Tobac (@RachelTobac) on X

Have you received a party invite that turned out to be fake (a scam!) in the last 6 months?! I just broke down how this scam works for the @nytimes, let’s dive into the 2 distinct paths this scam follows, how to catch it, and how to make it harm you less if you do fall for it 🧵

X (formerly Twitter)
Show threadgroff 🇺🇦

@racheltobac @jason

Aint no way I'm clicking on a link to that fash misinformation hellhole.

Apr 24 at 12:37amWeb
Show threadJason Petersen (he)Apr 24

@geoffl @racheltobac to save you the click: it’s just malware (unlikely to function without user action, unless someone’s burning zero days on this), or credential harvesting (of the simplest kind: password reuse)

(In other words the answer to my question was just “yes”)