Federal Cybercrime Enforcement
July 8, 2026
12 min read
Aaron M. Cohen

The "You're Invited" Phishing Wave: Federal Charges Behind Fake Invitation Scams

Federal phishing charges carry 20 years per count plus mandatory consecutive time. If agents called about an invitation scam, contact counsel before indictment.
Share this analysis:

Listen to Article

Part 1: Introduction

The FTC's May 2026 alert and what fake invitation phishing means for federal exposure

0:000:00

The party invitation in your inbox might be a break-in tool, and the government is treating it that way. In May 2026, the FTC issued an alert about fake "You're invited" texts and emails dressed up as Evite and Paperless Post invitations. The messages name a host you actually know, then demand your email username and password to view the event. There is no party. There is a credential harvest, an account takeover, and the same message blasted to your entire contact list.

Consumer warnings are only half the story. The other half is what happens to the people the government believes sent those messages, built the fake pages, or bought the stolen logins. Those cases are charged as federal felonies, they stack quickly, and they are landing on defendants younger than most people expect.

🚨 Case Alert

The FTC issued a national consumer alert in May 2026 targeting fake Evite and Paperless Post invitation scams. Federal prosecutors and the IC3 are treating consumer phishing reports as active criminal referrals. If agents have contacted you or a family member, do not wait for an indictment to seek counsel.

A figure at a dark computer workstation crafting fake invitation phishing emails, credential harvest pages visible on multiple monitors

Fake invitation phishing is charged as federal wire fraud. The government pursues the whole supply chain.

A Fake Invitation Is a Credential Harvest With a Guest List

The FTC's May 26, 2026 alert describes the current wave. Scammers send unexpected invitations that look like they come from Evite or Paperless Post, timed to graduation and summer party season. Some list a real acquaintance as the host, which works because the sender is often inside that acquaintance's hijacked account already. To "view the invitation," the target enters an email address and password on a login page the operators control, or shares a reset code by text. Real invitation platforms never require any of that.

One captured mailbox is not the prize. It is the engine. A compromised email account exposes bank logins, brokerage access, tax records, and password resets for everything else, and it becomes the trusted sender for the next round of invitations. That self-spreading structure is why prosecutors treat invitation phishing as an ongoing scheme rather than a one-off intrusion, and why loss figures climb fast once an indictment lands.

The prosecutions are not hypothetical. In the Central District of California, five defendants were charged with wire fraud conspiracy and aggravated identity theft for a scheme that phished employees of victim companies by text message, harvested their credentials, and used the access to steal, among other things, cryptocurrency. One of the five was a 20-year-old from Palm Coast, Florida. In the Southern District of Florida, four defendants drew prison terms for a transnational email fraud scheme run through compromised and spoofed accounts.

Close-up of a fake login page on a monitor with credential data being captured, dark cyber infrastructure backdrop
One compromised mailbox becomes the trusted sender for the next round of invitations. Prosecutors treat the self-spreading structure as an ongoing scheme, and loss figures climb fast.

How Agents Connect a Phishing Message to a Person

Phishing cases get built from infrastructure. Agents subpoena the registrar behind the fake invitation domain, the host behind the login page, and the platforms whose brands were impersonated. They pull IC3 complaints and FTC Consumer Sentinel reports to map the victim pool, then trace where harvested credentials traveled: the Telegram channel where logins were sold, the wallet that received proceeds, the IP addresses that touched the admin panel.

The supply chain is the charging map. One person codes the kit, another rents it, another sends the messages, another buys the harvested credentials, and another turns access into money. Federal conspiracy law under 18 U.S.C. § 1349 lets prosecutors treat every link as part of one scheme, which means a person who only sold "leads" or resold logins can be indicted alongside the people who drained accounts. Many of these defendants are young, recruited through gaming communities and Discord servers, and they are often stunned to learn that reselling someone else's phished credentials is charged the same way as stealing them.

Florida shows up in these cases constantly, as both victim pool and defendant pool. Any South Florida federal criminal defense practice now fields calls from families of young men whose online handles surfaced in a phishing investigation. State prosecutors have their own hook in Fla. Stat. § 815.06, Florida's computer crimes statute, which reaches unauthorized access even where federal prosecutors decline. And the tooling is evolving: AI-generated lures and cloned voices are pushing this work toward AI fraud federal defense territory, where the government's attribution evidence gets more technical and more contestable.

Can I be charged for a phishing scheme I only partially participated in?
Yes. Federal conspiracy law under 18 U.S.C. § 1349 lets prosecutors charge every link in the supply chain as part of one scheme. A person who resold harvested credentials, rented a phishing kit, or sent messages on behalf of others can be indicted alongside ringleaders, facing the same charges and sentence ranges.
Agents subpoena domain registrars, hosting providers, and brand-impersonated platforms. The supply chain is the charging map.
Federal investigators in a cybercrime command center reviewing digital evidence logs and IP address trails

The Statutes and How the Exposure Stacks

The base charges are wire fraud under 18 U.S.C. § 1343, up to 20 years per count, and computer fraud under 18 U.S.C. § 1030, which criminalizes the unauthorized access itself, no theft required. Trafficking in stolen logins is access device fraud under 18 U.S.C. § 1029, with 10 to 15 year maximums depending on the subsection. The count that changes lives is aggravated identity theft under 18 U.S.C. § 1028A: using another person's means of identification during the fraud adds a mandatory two years that runs consecutive to everything else, and prosecutors can charge it per victim.

At sentencing, the guidelines turn on loss, and here is the trap most defendants never see coming: intended loss counts. A phishing page that captured five hundred credential sets can support a loss theory built on what those accounts could have yielded, not what was actually taken. Add enhancements for number of victims, sophisticated means, and mass marketing, and a defendant who personally pocketed a few thousand dollars faces a range measured in years. That is exactly where a wire fraud conspiracy defense earns its fee, because loss attribution, foreseeability, and role are all contestable.

Remember the elements. The government must prove intent to defraud and knowing participation. Building a login page is not a crime. Sending marketing email is not a crime. The case lives or dies on what the defendant knew about how the tools were used, and that is precisely the question agents want answered at your front door before you have counsel.

⚖️ Key Legal Point

Aggravated identity theft under 18 U.S.C. § 1028A carries a mandatory two-year sentence that runs consecutive to all other counts. Prosecutors can charge it per victim. A phishing operation that captured hundreds of credential sets can generate compounding mandatory time, regardless of actual financial loss.

The Early Mistakes That Decide These Cases

Talking to agents without counsel is the first. False statements to federal agents are a separate felony under 18 U.S.C. § 1001, and in a phishing case the entire fight is over knowledge, so any explanation you volunteer becomes the government's exhibit on exactly the element it struggles to prove.

Deleting Telegram channels, wiping devices, or abandoning accounts after agent contact is the second. Prosecutors read deletion as a confession written in reverse, and it converts a triable knowledge case into an obstruction case. The third is continuing to sell access, kits, or "leads" after a grand jury subpoena arrives, because everything after that date looks willful.

The quietest mistake is treating silence from the government as safety. Phishing indictments arrive months after the infrastructure subpoenas go out. The pre-indictment stage is when charging decisions get made, and waiting for an indictment to hire a federal criminal defense attorney forfeits the only phase where the outcome is fully open.

Where the Defense Gets Built

Early intervention comes first. A pre-indictment defense lawyer can establish whether you are a witness, a subject, or a target, open a channel with the prosecutor, and put knowledge and intent evidence in front of the government before it commits to a charging theory. Declinations happen at this stage. They almost never happen after indictment.

Attribution is the second front. The government's case usually runs from a handle to an IP to a person, and every link in that chain can be tested: shared logins, VPN exits, spoofed identifiers, devices used by more than one person in a household. An experienced white collar defense attorney with the right forensic support makes the government prove that the person, not the account, committed the acts.

Proffer decisions deserve real caution, especially for young defendants whose parents want the matter resolved quickly. A proffer agreement can open a path to a declination or a cooperation resolution, and a bad proffer can convert a subject into a defendant in an afternoon. If charges come, the fight moves to intended loss, victim counts, role reductions, and sentencing mitigation built around age, immaturity, and the realistic prospects of a young defendant's future.

Federal indictment papers on a dark wooden desk under harsh lamplight, wire fraud and identity theft charges visible
Declinations happen before indictment. They almost never happen after. Pre-indictment counsel is the only intervention with full leverage over the outcome.

The Window Is Open Now, and It Closes at Indictment

Cyber-enabled fraud sits near the top of the Justice Department's 2026 priorities, the FTC is feeding consumer phishing reports into criminal referrals, and account takeover cases carry political weight because the victims are ordinary families. Charging decisions in these investigations stay fluid for months, then harden overnight.

If agents have contacted you, if a federal grand jury subpoena defense issue has landed on your desk, or if a target letter has arrived, the window is now. A federal target letter attorney can often shape or narrow charges before the grand jury votes. That is federal investigation defense at the only moment it enjoys full leverage. After indictment, especially on the Southern District of Florida's fast docket, every option narrows.

If you or your loved ones have been arrested or are under federal investigation for phishing, computer fraud, wire fraud, or any related cybercrime, call Aaron M. Cohen, 24 hours a day to get help.

Frequently Asked Questions

Is sending phishing emails a federal crime if nobody actually loses money?
Yes. Wire fraud under 18 U.S.C. § 1343 punishes the scheme and the intent, not the success, and 18 U.S.C. § 1030 criminalizes unauthorized access attempts on their own. At sentencing, intended loss can drive the guideline range even where actual loss is minimal, so a failed phishing campaign still carries serious exposure.
I bought or resold login credentials online. Is that a federal offense?
Yes. Trafficking in stolen credentials is access device fraud under 18 U.S.C. § 1029, and using them triggers aggravated identity theft under 18 U.S.C. § 1028A, a mandatory two years consecutive. Conspiracy law also lets prosecutors charge resellers as part of the underlying phishing scheme, even without contact with the original sender.
Federal agents contacted me or my child about a phishing operation. What should we do?
Do not give an interview or consent to a device search without counsel. The contested element in these cases is knowledge, and statements made at the door supply it. False statements are separately charged under 18 U.S.C. § 1001. Decline politely and call a federal investigation defense attorney the same day, because the pre-indictment window is where these cases get shaped.
Can Florida prosecute a phishing case if federal prosecutors do not?
Yes. Fla. Stat. § 815.06 makes unauthorized access to computers and user accounts a state felony, and Florida prosecutors use it where federal declination leaves a gap. A Florida defendant can face state charges, federal charges, or sequential attention from both, which makes early coordinated defense strategy essential.
Aaron M. Cohen, federal criminal defense attorney, reviewing cybercrime defense strategy at his desk under dramatic office lighting

AMC Defense Law represents individuals and families in federal and Florida state cybercrime investigations, in Florida and nationwide.

If the legal developments discussed in this article affect your case, don't wait.

Aaron M. Cohen, Principal Attorney

Aaron M. Cohen

Principal Attorney

Aaron M. Cohen is a nationally recognized criminal defense attorney with over 30 years of experience representing individuals and entities in complex criminal investigations and prosecutions across the United States.

View Attorney Profile
Continue reading
30+ Years of Federal & State Defense Experience

Need Expert Legal Defense?

Facing federal gun or drug charges in South Florida? The DOJ's aggressive enforcement climate demands experienced federal defense counsel. Our team understands the complex intersection of firearms and narcotics law.

All consultations are completely confidential