Punchbowl Phishing Attack Explained: How Digital Invites Are Used to Steal Credentials

Cofense Phishing Defense Center analyzed a phishing campaign that leverages digital invitation platforms to trick recipients into clicking RSVP links which redirect to credential-harvesting pages impersonating popular providers (Microsoft, Google, Yahoo, AOL, Dropbox). The report includes screenshots of the phishing pages, whois information for malicious domains, observed infection and payload URLs (hXXp://t.ly/KwKzQ and hXXps://dry.za.com/if1/) with associated IPs, explains likely attacker motives (credential theft, resale, BEC), and provides user-focused mitigations such as verification of invites, careful inspection of login redirects, password resets, and enabling MFA.