Los Alamos residents warned about phishing emails posing as Punchbowl invites
A fake Punchbowl invite can steal Los Alamos logins with one careless click, and the risk can spread from email to bank and other accounts.

A fake Punchbowl invite can do real damage in Los Alamos with one careless click. Rebecca Rutherford warned that an email can look casual enough to slide past a busy inbox, but the point is to steal login credentials, not invite anyone to a party.
The scam plays on habits that are common across Los Alamos County: people use email and calendar tools for school events, neighborhood notices, work schedules and civic gatherings. The message often uses a friendly, slightly sloppy subject line, then pushes the recipient to click and sign in as if the request were routine. That is the trap. A legitimate invitation should not require you to enter credentials after an unexpected link lands in your inbox.

The warning fits a wider pattern that federal and university security teams have been seeing this year. On May 26, the Federal Trade Commission said unexpected “You’re invited” texts and emails were circulating, often imitating services such as Evite or Paperless Post. Those messages sometimes ask for an email username and password, or for a phone number and special code, and the FTC says phishing scams can open the door to email, bank or other accounts once credentials are stolen. Evite has also reported a notable rise in phishing scams beginning in early 2026, and Punchbowl says it has received reports of scam emails that imitate its brand but are not sent through its platform.
The local red flags are plain if residents pause long enough to look: an invitation they did not expect, a request to authenticate after clicking, branding that feels familiar but arrives out of the blue, and wording that tries to make a risky step feel harmless. Washington University’s Office of Information Security said fake Punchbowl invitations were even used to deliver malicious software when users clicked the graphic or preview link, showing that the threat is not limited to stolen passwords. Cofense has also described Punchbowl-abuse campaigns that used branded phishing pages to impersonate familiar services such as Microsoft, Yahoo, AOL, Google and Dropbox.
If a suspicious invite lands in your inbox, stop before clicking, verify the sender through a separate channel, and do not type in credentials. If a password or account detail was entered, treat the account as exposed, since stolen logins can be used to reach email and other connected services. Report the message through the FTC’s fraud reporting site, and use New Mexico Department of Information Technology cybersecurity resources to keep the risk from spreading beyond one inbox. In a county where so much daily life now runs through digital invitations, one fake party invite can become a countywide security problem.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.


