Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

SeasonalInvite: New Phishing Campaign Abuses eCards and RMM

0
Medium
Published: 07/15/2026 (07/15/2026, 13:25:14 UTC)
Source: Reddit Cybersecurity

Description

SeasonalInvite is a phishing campaign identified in 2026 that abuses commercial Remote Monitoring and Management (RMM) tools and eCards to conduct social engineering attacks aligned with seasonal events. The campaign has been active since at least January 2026 and leverages legitimate RMM software to facilitate malicious activity. There is no specific patch or fix since this is a phishing campaign exploiting social engineering and tool misuse rather than a software vulnerability. Organizations are advised to maintain strict control and inventory of approved RMM tools to mitigate risk.

Reddit Discussion

r/cybersecurity·posted by u/danielrs_
00

Our team has just published new research about a phishing campaign that has been abusing commercial Remote Monitoring and Management (RMM) tools on victims since at least January 2026, using social engineering themes tied to the seasonal calendar: https://www.forescout.com/blog/seasonalinvite-new-phishing-campaign-abuses-ecards-and-rmm/

This is just one more example of RMM abuse, which we see increasing. We recommend organizations to control their usage by having an approved inventory/policy of tools that can be used in the network. There's a free list of RMMs and their forensic artifacts on https://lolrmm.io/ (not maintained by us).

Let me know if you have any questions about this campaign or similar activity.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/15/2026, 15:47:52 UTC

Technical Analysis

The SeasonalInvite phishing campaign uses social engineering tied to seasonal themes and abuses commercial Remote Monitoring and Management (RMM) tools to compromise victims. The campaign has been observed since January 2026 and represents an example of increasing abuse of RMM software by attackers. The campaign involves sending phishing messages that include eCards and leverage RMM capabilities to facilitate malicious actions. The threat is primarily operational and procedural rather than a software vulnerability. Mitigation focuses on organizational controls over RMM tool usage rather than technical patches.

Potential Impact

The campaign enables attackers to leverage legitimate RMM tools to gain unauthorized access or control over victim systems through phishing and social engineering. This can lead to compromise of network resources, data exposure, or further malicious activity facilitated by the abused RMM software. The impact is medium severity given the social engineering vector combined with the use of trusted management tools, increasing the likelihood of successful compromise if controls are insufficient.

Mitigation Recommendations

There is no software patch applicable for this phishing campaign. Organizations should implement strict policies to control and inventory approved RMM tools within their networks. Monitoring and restricting the use of RMM software can reduce the risk of abuse. User awareness training on phishing and social engineering, especially around seasonal themes, is recommended. The vendor manages no cloud service remediation for this threat. Check the referenced vendor advisory and research links for ongoing updates.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":41,"reasons":["external_link","newsworthy_keywords:campaign,phishing campaign","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":["campaign","phishing campaign"],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a57ab8e68715ace43fd7071

Added to database: 07/15/2026, 15:47:26 UTC

Last enriched: 07/15/2026, 15:47:52 UTC

Last updated: 07/15/2026, 16:47:34 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses