Feeds.Feedburner
SeasonalInvite Phishing Campaign Targets Users with Fake eCards
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The SeasonalInvite phishing campaign has been active since January 2026, targeting Windows and macOS users by tricking them into installing legitimate remote monitoring and management (RMM) software via fake eCards. The operation employs a rotating set of calendar-themed lures, including tax and holiday invitations. Victims are directed to phishing pages that impersonate the BlueMountain eCard service, where an operating-system-specific installer is automatically downloaded. The campaign has utilized 959 domains and has been confirmed to abuse four commercially signed RMM tools: ConnectWise ScreenConnect, LogMeIn Resolve, Kaseya, and O&O Syspectr. The installers bypass standard security checks due to their legitimate signatures. The phishing pages also harvest user data, including IP addresses and browser information. Forescout recommends organizations maintain an inventory of RMM tools and enhance email filtering to mitigate risks.
Key Points: • The SeasonalInvite phishing campaign has targeted users since January 2026. • The operation uses fake eCards to deliver legitimate RMM software installers. • Forescout identified 959 domains involved and recommended enhanced security measures.