"Believing that accepting an unsolicited dinner invitation in 2024 entails downloading and opening a zip file from a completely random website will never not baffle the daylights out of me. Talk about fish in a barrel."
I expect that the people targeted get these sorts of invitations to all sorts of receptions. Some form of automated RSVP system that then requires the person to fetch their invitation to show at the door might be new, but not out and out weird. Was it a 'random' website? I see plenty of legitimate invitation/registration web sites that are branded with the entity hosting the event but the web address is that of the outsourced registration company. I'm careful about not clicking links in emails, but going to the official website and finding the signup link from there for the event. I expect to go to the National Association of Broadcasters convention next month and I know they use a third party company to manage signups and class registrations. This means I'm getting spammed with all sorts of crap leading up the show. It all gets flushed away since I can't be bothered, but there could be some malware in that if a list of attendees was hacked and those people sent something that looks like it's related.
The senior community where my mother lives has all sorts of events going on so it wouldn't be strange for her to receive a notice of something happening and the need to sign up since there's only so much space and they need to estimate food and drink. This is the sort of thing that worries me. She's going to catch the obvious phishing, but something polished enough and not too out of the norm might not.