Connect, collaborate, and explore everything Mimecast. Ask questions, join conversations, and contribute your expertise. Together, we can learn, solve challenges, and make the most of Mimecast's products and services. Thank you for being a part of the Mimecast Community!
You are currently in a limited view of the community, but there's so much more to discover! Need some support? Have a question to ask?
Key Points Low-volume spear phishing operation sending up to 1,000 emails per campaign run Initial access for potential ransomware deployment Senior IT professionals and administrators with super admin privileges Adversary-in-the-middle (AITM) phishing using EvilGinx framework Campaign Overview Samantha Clarke and the…
Key Points Large-scale BEC invoice fraud campaign targets global organizations across multiple industries using urgent payment requests to exploit time-sensitive business processes. Attackers deploy sophisticated automation including AI-generated email content, programmatic file creation, and headless browser technology…
Security leaders face a persistent challenge: demonstrating the tangible value of cybersecurity investments to executive leadership and boards. While threat detection numbers pile up in dashboards, translating those statistics into meaningful impact remains complex. We’re excited to announce the Mimecast Human Risk…
In our previous post, we explored the Human Risk Command Center (HRCC) and how it transforms abstract human behavior into quantifiable metrics. Now we're diving deep into adaptive policies—the intelligent controls that automatically adjust security measures based on user behavior and organizational threats. Read…
The Multi-Vector Threat Reality A successful phishing campaign targeting your employees doesn't end when malicious content reaches an inbox. It extends to endpoint compromise, lateral movement, and data exfiltration. Yet most organizations find themselves managing these interconnected threats through isolated security…
Key Points Multi-month campaign impersonating Awardco employee rewards platform targeting entire organizations since May 2025 Sophisticated evasion using multiple redirect chains, legitimate security URL solutions, and various delivery methods including QR codes Campaign leverages universal employee expectation of rewards…
Key Points Phishing campaign targeting UK sponsor licence holders through fraudulent Home Office impersonation Attackers seek to compromise Sponsorship Management System (SMS) credentials for financial exploitation and data theft Campaign utilizes captcha-gated URLs and convincing government domain spoofing to bypass…
Key Points Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails The technique effectively circumvents perimeter security solutions by routing malicious emails through Microsoft 365's trusted infrastructure Requires no credentials or tokens, only knowledge of the target domain…
Welcome to part one of our two-part deep dive into Mimecast's Human Risk Command Center (HRCC). In this first installment, we'll explore what the Command Center is and how it operates from a workflow perspective. Part two will focus exclusively on adaptive policies—examining how these intelligent controls automatically…
Key Points Threat actors utilizing HTML tag obfuscation to evade email security detection CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users Brand impersonation campaigns leveraging Microsoft copyright obfuscation Campaign Overview The Mimecast Threat Research…
Key Points The Grandoreiro banking trojan targets financial institutions and users across Latin America and is expanding globally. Sophisticated phishing campaigns impersonate government tax agencies and law enforcement. Geofenced infrastructure ensures targeted delivery to specific regions. Multi-stage attacks leverage…
Key Points Sextortion scams distributed through online invoicing and accounting services There similar campaigns identified using same Bitcoin address for payment Evasion techniques used to bypass security solutions Predominately targeting US and Australian businesses The Mimecast Threat Research team has identified a new…