A seemingly harmless email invitation could be a gateway for a sophisticated scam. Security researchers have uncovered a new tactic where malicious actors are exploiting the casual nature of event invites to install remote access tools on unsuspecting computers.
The scheme begins with an email resembling a friendly "Save the Date" message, appearing to originate from someone you know. It contains a link promising event details, but clicking it initiates a silent and dangerous download.
Instead of an invitation, your browser automatically downloads a .msi file – an installer for ScreenConnect Client, a legitimate IT support tool. This isn’t a request for an RSVP; it’s a stealthy takeover of your digital life.
Once installed, ScreenConnect grants attackers complete control over your machine. They can monitor your screen, manipulate your mouse and keyboard, and freely transfer files, all without your knowledge, even after a restart.
What makes this scam particularly insidious is its subtlety. There are no urgent warnings or aggressive prompts, just language designed to create a sense of normalcy and social acceptance – phrases like “a friend sent you this” and “it was so easy.”
Be especially wary of unsolicited invitations arriving via standard email, directing you to external websites, and prompting software downloads. Modern event invites are typically delivered through dedicated platforms like Partiful or Evite, which offer a higher level of security.
If you receive a questionable invite, always verify its authenticity with the supposed sender through a separate communication channel – a phone call or text message, for example – before clicking any links or downloading anything.
Signs of a compromised system can be subtle: unexplained cursor movements, windows opening or closing on their own, or unfamiliar processes running in the background. A file named "RSVPPartyInvitationCard.msi" or a service called "ScreenConnect Client" (with random characters appended) are also potential indicators.
If you suspect you’ve fallen victim to this scam, immediately disconnect your computer from the internet. Uninstall ScreenConnect Client and run a comprehensive security scan to detect and remove any malware. Change your important passwords from a clean device.
This scam thrives on trust and the everyday act of responding to invitations. Remaining vigilant and questioning unexpected requests are your strongest defenses against this evolving threat.
