How to Spot Phishing Emails Targeting Seniors: A Real PunchBowl Scam Example

Recently, my wife received an email from an elderly friend containing an online party invitation. The email immediately seemed suspicious, so she forwarded it to me to check. After one quick glance, several red flags made it clear this was likely a phishing attempt. In this blog post, I want to break down what I found to help others protect their elderly loved ones from common phishing scams.

While the message came from the friend’s real email address, it didn’t include the usual warning signs like misspellings or obvious grammar errors. The email claimed to come from PunchBowl, a legitimate invitation service, but every clickable link pointed to a website that was not PunchBowl’s domain.

Hovering over any link shows the real URL in the bottom-left corner. As shown in the screenshot, these links are directed to a suspicious hikersloverfeelsdzoo address. Clicking it leads to a page designed to look safe but contains several phishing indicators.

To someone unfamiliar with online scams, the page may seem harmless. However, a service like PunchBowl will never require recipients to log in with their personal email just to view an invitation.

Any information typed into these fake form fields is sent directly to scammers. They can then attempt to log into the victim’s account and continue forwarding similar phishing emails to new contacts. While these pages are easy to spot for tech-savvy users, many people—especially seniors—may not recognize the danger.

If you know someone who might fall for these attacks, take a moment to teach them what to look for. Senior citizens are among the most targeted groups for phishing emails. A few months ago, I taught a cybersecurity awareness course at a local church, and this is exactly the type of scam we discussed—one that circulates daily and continues to trick countless people.

Although this particular phishing email could have included more convincing details, it’s already effective enough to fool many victims. Staying informed and spreading awareness is one of the best ways to prevent these cyberattacks.