Party Invitation Scam

Party Invitation Scam: a reader asks…
I am embarrassed to say that I received a “party invitation” from an old, old friend and, like and fool and without thinking, I tried to open it and reply. It asked me to login using any number of platforms — Outlook, Yahoo, Office 365, Aol, or with another email platform. Like a fool, I did NOT check with my old friends and followed the instructions to try to reply. It involved me entering a couple of my email addresses and then waiting for an OTP on my phone which I then plugged into the box for it. Upon entering the OTP and hitting return, a new page appeared but nothing ever came up even when I polled again a couple of times. So, I went from my Firefox browser to Edge and tried again following the same procedure and and obtained the same result. So, I emailed my friend to inform him I could not open the invitation and he replied there is no party and the invite was a scam. I assume he was hacked. So, did I invite a Trojan horse into my Windows computer? I subscribe to Malwarebytes and keep it up-to-date with scans, etc. Any recommendations? Any ideas appreciated.
Yes, there are fake invitations out there, and it sounds like you got hit with one. Embarrassment is common, but don’t beat yourself up about it. We all fall for these fake emails; the scammers/hackers are getting increasingly sophisticated and prey on our natural human weaknesses.
Because you followed the fake email’s instructions and logged into several email accounts, it’s quite possible they conducted a ‘man-in-the-middle’ attack, where they directed you to a fake AOL, Yahoo or other email platform, then used your login there to verify with the real platform and gain entry. You should immediately:

Log into each of those platforms independently and change the login password. You should also verify all contact and security information (such as recovery emails) and, if the platform offers a security option to log all devices out, use it (in case the scammer logged in to your accounts).
Don’t delay, do the above immediately to protect your email and other accounts. As you may know, many other online accounts use an email address to send password reset instructions (forgotten password option in the login page), so if you want to be truly protected, you’ll need to log into every online account you have and change the password. Lots of work, but the only way to make sure you’re not compromised.
After you’ve done the above, here’s some general information and ways to make sure your computer or device is not compromised: In general, attacks can fall into one or both of these types:
- A scam attempt that gets you to divulge personal information, which can include email addresses, login credentials/passwords, banking information (including getting you to make a money or cryptocurrency transfer), get you to give someone remote access to your computer or device, etc. Once a scammer gains access to your email account, they can use the forgotten password feature to gain access to other online accounts of yours.
- A hacking attempt that gets you to allow an infection (malware, viruses, worms, trojans, etc.) onto your computer or device. These can then compromise the security of your computer or device, transfer your personal data to the hacker, lock up/encrypt your personal files for ransom (ransomware), log into your email, banking, shopping, social media, and other online accounts, then change passwords to lock you out of your own accounts, etc.

Assuming you’ve got a Malwarebytes Premium subscription, and you’ve NOT set it to disable the built-in Microsoft Windows Security scanner (see this article: Setup Malwarebytes Correctly in Windows for how), you should be reasonably well-protected. Of course, if you disclosed information, you will need to take action to remediate the security vulnerability (hence my words at the top of this message).
Here’s what you may want to do to confirm that your computer or device is clean:
- Open Malwarebytes, update it, and then run a deep scan (on the dashboard, click the 3 dots to the right of the Scan button, click Advanced Scan, then Deep Scan). Wait for that to complete, then close it if/when it shows your system is clean. If it finds something, quarantine or delete it (and feel free to send me a screenshot of what it found).

- After updating Windows, open Windows Security, click Virus & Threat Protection, click Scan Options, then click either Full Scan, or better yet, Microsoft Defender Offline Scan (your choice, the latter restarts your computer and runs before Windows starts). If either scan show (and remediate) an infection, feel free to send me a screenshot (or snap a photo of your screen) and send it to me.
If your computer passes both of these scans and they didn’t find anything, you can feel confident that the scam attempt was not also a successful malware attack on your computer or device. Of course, that doesn’t negate the threat to your digital life posed by your actions, so the remediation work I noted above is critical and time-sensitive. The longer you wait before securing your online accounts, the more chance there is that there will be compromises.
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!




