The "You're Invited" Phishing Wave: Federal Charges Behind Fake Invitation Scams
Listen to Article
Part 1: Introduction
The FTC's May 2026 alert and what fake invitation phishing means for federal exposure
The party invitation in your inbox might be a break-in tool, and the government is treating it that way. In May 2026, the FTC issued an alert about fake "You're invited" texts and emails dressed up as Evite and Paperless Post invitations. The messages name a host you actually know, then demand your email username and password to view the event. There is no party. There is a credential harvest, an account takeover, and the same message blasted to your entire contact list.
Consumer warnings are only half the story. The other half is what happens to the people the government believes sent those messages, built the fake pages, or bought the stolen logins. Those cases are charged as federal felonies, they stack quickly, and they are landing on defendants younger than most people expect.
The FTC issued a national consumer alert in May 2026 targeting fake Evite and Paperless Post invitation scams. Federal prosecutors and the IC3 are treating consumer phishing reports as active criminal referrals. If agents have contacted you or a family member, do not wait for an indictment to seek counsel.

Fake invitation phishing is charged as federal wire fraud. The government pursues the whole supply chain.
A Fake Invitation Is a Credential Harvest With a Guest List
The FTC's May 26, 2026 alert describes the current wave. Scammers send unexpected invitations that look like they come from Evite or Paperless Post, timed to graduation and summer party season. Some list a real acquaintance as the host, which works because the sender is often inside that acquaintance's hijacked account already. To "view the invitation," the target enters an email address and password on a login page the operators control, or shares a reset code by text. Real invitation platforms never require any of that.
One captured mailbox is not the prize. It is the engine. A compromised email account exposes bank logins, brokerage access, tax records, and password resets for everything else, and it becomes the trusted sender for the next round of invitations. That self-spreading structure is why prosecutors treat invitation phishing as an ongoing scheme rather than a one-off intrusion, and why loss figures climb fast once an indictment lands.
The prosecutions are not hypothetical. In the Central District of California, five defendants were charged with wire fraud conspiracy and aggravated identity theft for a scheme that phished employees of victim companies by text message, harvested their credentials, and used the access to steal, among other things, cryptocurrency. One of the five was a 20-year-old from Palm Coast, Florida. In the Southern District of Florida, four defendants drew prison terms for a transnational email fraud scheme run through compromised and spoofed accounts.

How Agents Connect a Phishing Message to a Person
Phishing cases get built from infrastructure. Agents subpoena the registrar behind the fake invitation domain, the host behind the login page, and the platforms whose brands were impersonated. They pull IC3 complaints and FTC Consumer Sentinel reports to map the victim pool, then trace where harvested credentials traveled: the Telegram channel where logins were sold, the wallet that received proceeds, the IP addresses that touched the admin panel.
The supply chain is the charging map. One person codes the kit, another rents it, another sends the messages, another buys the harvested credentials, and another turns access into money. Federal conspiracy law under 18 U.S.C. § 1349 lets prosecutors treat every link as part of one scheme, which means a person who only sold "leads" or resold logins can be indicted alongside the people who drained accounts. Many of these defendants are young, recruited through gaming communities and Discord servers, and they are often stunned to learn that reselling someone else's phished credentials is charged the same way as stealing them.
Florida shows up in these cases constantly, as both victim pool and defendant pool. Any South Florida federal criminal defense practice now fields calls from families of young men whose online handles surfaced in a phishing investigation. State prosecutors have their own hook in Fla. Stat. § 815.06, Florida's computer crimes statute, which reaches unauthorized access even where federal prosecutors decline. And the tooling is evolving: AI-generated lures and cloned voices are pushing this work toward AI fraud federal defense territory, where the government's attribution evidence gets more technical and more contestable.

The Statutes and How the Exposure Stacks
The base charges are wire fraud under 18 U.S.C. § 1343, up to 20 years per count, and computer fraud under 18 U.S.C. § 1030, which criminalizes the unauthorized access itself, no theft required. Trafficking in stolen logins is access device fraud under 18 U.S.C. § 1029, with 10 to 15 year maximums depending on the subsection. The count that changes lives is aggravated identity theft under 18 U.S.C. § 1028A: using another person's means of identification during the fraud adds a mandatory two years that runs consecutive to everything else, and prosecutors can charge it per victim.
At sentencing, the guidelines turn on loss, and here is the trap most defendants never see coming: intended loss counts. A phishing page that captured five hundred credential sets can support a loss theory built on what those accounts could have yielded, not what was actually taken. Add enhancements for number of victims, sophisticated means, and mass marketing, and a defendant who personally pocketed a few thousand dollars faces a range measured in years. That is exactly where a wire fraud conspiracy defense earns its fee, because loss attribution, foreseeability, and role are all contestable.
Remember the elements. The government must prove intent to defraud and knowing participation. Building a login page is not a crime. Sending marketing email is not a crime. The case lives or dies on what the defendant knew about how the tools were used, and that is precisely the question agents want answered at your front door before you have counsel.
Aggravated identity theft under 18 U.S.C. § 1028A carries a mandatory two-year sentence that runs consecutive to all other counts. Prosecutors can charge it per victim. A phishing operation that captured hundreds of credential sets can generate compounding mandatory time, regardless of actual financial loss.
The Early Mistakes That Decide These Cases
Talking to agents without counsel is the first. False statements to federal agents are a separate felony under 18 U.S.C. § 1001, and in a phishing case the entire fight is over knowledge, so any explanation you volunteer becomes the government's exhibit on exactly the element it struggles to prove.
Deleting Telegram channels, wiping devices, or abandoning accounts after agent contact is the second. Prosecutors read deletion as a confession written in reverse, and it converts a triable knowledge case into an obstruction case. The third is continuing to sell access, kits, or "leads" after a grand jury subpoena arrives, because everything after that date looks willful.
The quietest mistake is treating silence from the government as safety. Phishing indictments arrive months after the infrastructure subpoenas go out. The pre-indictment stage is when charging decisions get made, and waiting for an indictment to hire a federal criminal defense attorney forfeits the only phase where the outcome is fully open.
Where the Defense Gets Built
Early intervention comes first. A pre-indictment defense lawyer can establish whether you are a witness, a subject, or a target, open a channel with the prosecutor, and put knowledge and intent evidence in front of the government before it commits to a charging theory. Declinations happen at this stage. They almost never happen after indictment.
Attribution is the second front. The government's case usually runs from a handle to an IP to a person, and every link in that chain can be tested: shared logins, VPN exits, spoofed identifiers, devices used by more than one person in a household. An experienced white collar defense attorney with the right forensic support makes the government prove that the person, not the account, committed the acts.
Proffer decisions deserve real caution, especially for young defendants whose parents want the matter resolved quickly. A proffer agreement can open a path to a declination or a cooperation resolution, and a bad proffer can convert a subject into a defendant in an afternoon. If charges come, the fight moves to intended loss, victim counts, role reductions, and sentencing mitigation built around age, immaturity, and the realistic prospects of a young defendant's future.

The Window Is Open Now, and It Closes at Indictment
Cyber-enabled fraud sits near the top of the Justice Department's 2026 priorities, the FTC is feeding consumer phishing reports into criminal referrals, and account takeover cases carry political weight because the victims are ordinary families. Charging decisions in these investigations stay fluid for months, then harden overnight.
If agents have contacted you, if a federal grand jury subpoena defense issue has landed on your desk, or if a target letter has arrived, the window is now. A federal target letter attorney can often shape or narrow charges before the grand jury votes. That is federal investigation defense at the only moment it enjoys full leverage. After indictment, especially on the Southern District of Florida's fast docket, every option narrows.
If you or your loved ones have been arrested or are under federal investigation for phishing, computer fraud, wire fraud, or any related cybercrime, call Aaron M. Cohen, 24 hours a day to get help.
Frequently Asked Questions

AMC Defense Law represents individuals and families in federal and Florida state cybercrime investigations, in Florida and nationwide.
Listen to Article
Part 1: Introduction
The FTC's May 2026 alert and what fake invitation phishing means for federal exposure

Aaron M. Cohen
Principal Attorney
Aaron M. Cohen is a nationally recognized criminal defense attorney with over 30 years of experience representing individuals and entities in complex criminal investigations and prosecutions across the United States.
View Attorney ProfileRelated Analysis
Venue Still Matters: What the Supreme Court's Abouammo Decision Means for Federal Obstruction and Document Cases in Florida
A 9-0 Supreme Court ruling fixes where the government can try a Section 1519 falsification charge. For Florida defendants, that is leverage, not a footnote.
Ten Years for a $136 Million Telemedicine Scheme | What This Medicare Fraud Sentence Means for Florida Telehealth and DME Operators
120 months. $66 million restitution. What the June 30 sentencing of a Florida telemedicine company owner means for telehealth and DME operators now under federal scrutiny.
Maryland's Postoperative Cosmetic Care Bill and the Scope-of-Practice Trap for Med Spa Recovery Services
Maryland HB1263 found an entire category of post-surgical services has no clear regulation. An oversight gap is not a safe harbor for Florida med spas — it is where federal exposure lives.