SeasonalInvite Phishing Campaign Targets Users with Fake eCards

SeasonalInvite Phishing Campaign Targets Users with Fake eCards

First seen 16 Jul 2026, 20:33 UTC Infosecurity-MagazineFeeds.Feedburner 86% similarity 69.0

Article Content

Browse articles
ThreatCluster

The SeasonalInvite phishing campaign has been active since January 2026, targeting Windows and macOS users by tricking them into installing legitimate remote monitoring and management (RMM) software via fake eCards. The operation employs a rotating set of calendar-themed lures, including tax and holiday invitations. Victims are directed to phishing pages that impersonate the BlueMountain eCard service, where an operating-system-specific installer is automatically downloaded. The campaign has utilized 959 domains and has been confirmed to abuse four commercially signed RMM tools: ConnectWise ScreenConnect, LogMeIn Resolve, Kaseya, and O&O Syspectr. The installers bypass standard security checks due to their legitimate signatures. The phishing pages also harvest user data, including IP addresses and browser information. Forescout recommends organizations maintain an inventory of RMM tools and enhance email filtering to mitigate risks.

Key Points: • The SeasonalInvite phishing campaign has targeted users since January 2026. • The operation uses fake eCards to deliver legitimate RMM software installers. • Forescout identified 959 domains involved and recommended enhanced security measures.

ThreatCluster AI

Timeline

2026-01-01
SeasonalInvite campaign begins
The phishing operation starts targeting users with fake eCards, using seasonal themes to lure victims.
Infosecurity Magazine
2026-06-30
Campaign still active
The SeasonalInvite campaign continues to serve payloads, indicating ongoing activity and potential for new victims.
Infosecurity Magazine
2026-07-14
Forescout research published
Forescout releases findings detailing the phishing campaign's methods and tools used.
Infosecurity Magazine
2026-07-15
Infosecurity Magazine reports on findings
Infosecurity Magazine publishes an article summarizing Forescout's research on the SeasonalInvite campaign.
Infosecurity Magazine
2026-07-16
Feeds.Feedburner publishes summary
A brief article summarizes the SeasonalInvite phishing campaign, reiterating key points from Infosecurity Magazine.
Feeds.Feedburner

Community

Browse all →