    Phishing Attack Uses Trusted Remote Access Tools to Hit 80+ Organizations

    A sophisticated phishing campaign is tricking employees into installing legitimate remote access software, giving attackers complete control over business systems.

    Source

    GetCyberRight Intelligence

    Original headline: RMM Tool Phishing Hits 80+ Orgs

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Monday, May 4, 2026
    What's Happening

    Cybercriminals are running an active phishing campaign that has successfully compromised over 80 US organizations. Instead of using traditional malware, these attackers are weaponizing legitimate remote management tools like SimpleHelp and ScreenConnect. This matters right now because your business could be next, and the attack looks completely normal to most security software.

    The Details

    Here's how this attack works. Employees receive convincing phishing emails that appear to come from trusted sources like IT support or business partners. These emails contain urgent requests that pressure people to act quickly, like "Your system needs an immediate security update" or "Access this shared document now."

    When someone clicks the link and follows instructions, they're actually downloading real, legitimate remote access software. Tools like SimpleHelp and ScreenConnect are used every day by honest IT professionals to help fix computer problems from afar. That's exactly why this attack is so dangerous.

    Once installed, these tools give attackers complete remote control over the victim's computer. They can access files, steal credentials, monitor everything you type, and move through your entire network. Because the software itself is legitimate, many antivirus programs won't flag it as suspicious. The attackers hide in plain sight, using professional tools that belong in a business environment.

    Who Is Affected

    Small and medium-sized businesses are the primary targets of this campaign. If your company has fewer than 500 employees, you're in the sweet spot for these attackers. They know smaller organizations often lack dedicated security teams but still handle valuable data and financial systems.

    Employees who regularly receive emails from external partners, vendors, or clients face the highest risk. This includes procurement staff, accounts payable teams, human resources personnel, and customer service representatives. Anyone whose job involves clicking links in emails from people outside your organization needs to be extra cautious right now.

    What You Should Do Right Now

    1. Talk to your team today about suspicious emails. Hold a five-minute meeting or send a message explaining that legitimate IT support will never ask them to install software via email links.

    2. Check your computers for unexpected remote access software. Look in your installed programs for SimpleHelp, ScreenConnect, AnyDesk, or similar tools. If you didn't intentionally install them with IT approval, remove them immediately.

    3. Create a verification process for software installation requests. Require employees to call the supposed sender using a known phone number (not one in the email) before installing anything.

    4. Review who has administrative rights on your computers. Limit these privileges to only those who absolutely need them. This makes it harder for attackers to install software even if someone clicks a malicious link.

    5. Enable multi-factor authentication on all business systems. Even if attackers steal passwords through remote access, they won't be able to log in without the second authentication factor.
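
    One way to run the installed-software check across several machines at once, as an added example that is not part of the original article or any GetCyberRight tool. It assumes you can export each computer's installed-programs list to CSV; the column names, host names, and the approval list are hypothetical.

```python
import csv
import io
import re
from datetime import date

# Product names come from the article; the regexes are assumptions about how
# they appear in an installed-programs export. "ConnectWise Control" is the
# name ScreenConnect shipped under for several years.
RMM_PATTERNS = {
    "SimpleHelp": re.compile(r"simple\s*help", re.I),
    "ScreenConnect": re.compile(r"screen\s*connect|connectwise\s+control", re.I),
    "AnyDesk": re.compile(r"any\s*desk", re.I),
}

# Hypothetical allowlist: (host, tool) pairs that IT has explicitly approved.
APPROVED = {("IT-LAP-02", "AnyDesk")}

# Constructed sample inventory (host names, versions and dates are made up).
SAMPLE_INVENTORY = """\
host,display_name,install_date
FIN-PC-01,ScreenConnect Client (a1b2c3d4e5f60718),2026-04-29
IT-LAP-02,AnyDesk,2025-11-03
HR-PC-07,SimpleHelp Remote Access Client,2026-05-01
HR-PC-07,7-Zip 24.08 (x64),2025-02-10
AP-PC-03,Anydesk,2026-04-30
"""

def classify(display_name):
    """Return the remote access product a display name matches, or None."""
    for tool, pattern in RMM_PATTERNS.items():
        if pattern.search(display_name):
            return tool
    return None

def audit(inventory_csv, approved):
    """Return remote access installs with no approval on record, newest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        tool = classify(row["display_name"])
        if tool is None or (row["host"].upper(), tool) in approved:
            continue  # not a remote access tool, or approved for this host
        findings.append({"host": row["host"], "tool": tool,
                         "installed": date.fromisoformat(row["install_date"])})
    return sorted(findings, key=lambda f: f["installed"], reverse=True)

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY, APPROVED):
        print(f"{f['installed']}  {f['host']:<10} {f['tool']} (no approval on record)")
```

    Sorting newest first puts installs that line up with a recent suspicious email at the top of the review list.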

    The Bigger Picture

    This campaign represents a troubling evolution in phishing attacks. Cybercriminals are getting smarter about avoiding detection by using tools that security software trusts. The most sophisticated attacks now exploit human psychology rather than software vulnerabilities. Staying informed about these tactics is your best defense, because your employees are both your weakest link and your strongest protection.

    How GetCyberRight Can Help

    Our GCR Scam Guard tool helps identify suspicious phishing emails before your employees click dangerous links. It analyzes email patterns, sender authenticity, and common phishing tactics to flag potential threats. Think of it as a second set of expert eyes reviewing emails alongside your team, catching the subtle warning signs that busy employees might miss during a hectic workday.
