International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

SeasonalInvite campaign abuses legitimate remote management tools to gain persistent access

by Guru Writer
July 14, 2026
in News
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

SeasonalInvite Phishing Campaign

Share on FacebookShare on Twitter

New research from Forescout has uncovered a sophisticated phishing campaign that uses fake seasonal eCard invitations to trick victims into installing legitimate remote management software, giving attackers long-term access to compromised devices.

The campaign, dubbed SeasonalInvite by Forescout Research’s Vedere Labs, has been active since at least January 2026 and demonstrates how cybercriminals are increasingly combining social engineering, trusted enterprise software, and AI assisted development techniques to evade traditional security defences.

The full research is available here: SeasonalInvite research

Fake eCards lure victims

According to the report, the attackers use phishing emails disguised as seasonal eCard invitations to persuade users to install legitimate Remote Monitoring and Management (RMM) tools.

Rather than deploying traditional malware, the campaign abuses commercially available software that is commonly used by IT administrators for remote support. Once installed, the tools provide attackers with persistent remote access to compromised systems.

The campaign targets both Windows and macOS users.

During its investigation, Forescout confirmed the abuse of four legitimate RMM platforms:

  • ConnectWise ScreenConnect
  • LogMeIn Resolve
  • Kaseya
  • O&O Syspectr

Because these applications are widely trusted within enterprise environments, they are less likely to trigger traditional security controls.

Hundreds of phishing domains identified

Researchers identified a large infrastructure supporting the campaign, including 959 domains themed around electronic greeting cards.

The attackers also operated a sophisticated Traffic Distribution System (TDS) consisting of 2,658 gate pages. The infrastructure was designed to direct legitimate victims to phishing websites while preventing automated security scanners from detecting malicious content.

According to Forescout, this approach makes the campaign significantly harder for security researchers and automated detection systems to identify.

Evidence points to AI generated phishing pages

One of the report’s most notable findings is evidence suggesting the phishing kit itself was created with the assistance of artificial intelligence.

Researchers found indicators that the phishing pages contained AI generated code, leading them to believe the threat actor used a large language model to build delivery pages and quickly adapt the campaign over time.

The findings reflect a growing trend of cybercriminals using AI to accelerate phishing operations, reduce development time, and rapidly generate convincing attack infrastructure.

Trusted software becomes the attack vector

Forescout said SeasonalInvite demonstrates how attackers are shifting away from custom malware in favour of abusing legitimate enterprise tools that organisations already trust.

By combining social engineering with legitimate remote management software and AI assisted development, threat actors can bypass many traditional endpoint security controls while maintaining long-term access to victim devices.

The researchers warn that organisations should not rely solely on malware detection to identify these attacks. Instead, they recommend monitoring for the unauthorised installation and use of remote management tools, strengthening phishing awareness training, and implementing controls that can detect suspicious behaviour rather than simply malicious files.

As attackers continue to refine their techniques, campaigns like SeasonalInvite highlight how trusted software and artificial intelligence are becoming powerful tools in the modern cybercriminal’s arsenal.

Tags: cybersecurityForescoutPhishingphishing campaign
ShareTweet
Previous Post

Lidl Confirms Data Breach After Third-Party IT Provider Hack

Recent News

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026
Lidl Confirms Data Breach After Third-Party IT Provider Hack

Lidl Confirms Data Breach After Third-Party IT Provider Hack

July 14, 2026
Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

July 14, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

AI has crossed from assistant to operator, Check Point research warns

July 14, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol