Invitation to party? SCAM
A new phishing campaign is making the rounds on campus, and it’s disguised as something friendly and harmless: a party invitation.
Recently, members of our community received an email claiming “You’re invited to my private party,” complete with what looks like an e‑card and a link to “download the card.” While it may appear like a simple digital invitation, this message is a malicious phishing attempt designed to trick recipients into downloading harmful content or entering personal information.
Here’s what you need to know to stay safe.
Red Flags to Spot Immediately
This scam is subtle, but several features should raise suspicion:
1. Generic, vague messaging
There is no event name, no sender context, and no personal detail—hallmarks of mass‑sent phishing.
2. Unexpected attachments or downloads
Legitimate invitation platforms do not require you to download a file to view an invite.
3. Inconsistent formatting
The email shown has large blank areas, odd alignment, and mismatched fonts—common signs of a hastily constructed phishing template.
4. External, unverified email sender
The message originates from an unknown external address pretending to represent a known service.
If You Receive an Email Like This
Here’s what to do:
- Do NOT click any links or download attachments.
- Report the message to the VCU Information Security Office.
- Delete the email from your inbox and trash.
- If you accidentally clicked the link or entered your login information:
- Change your password immediately.
- Contact your IT security team for assistance.
Stay safe online and remember to do your annual security training!