Researchers have observed new spear-phishing campaigns, dubbed VIP3R, aimed at certain organizations and individuals via infected HTML attachments. If opened, victims are directed at a phishing page impersonating a service often used by them, where they are are urged to input their username and password.