- Hospitality-Focused Phishing Campaign Impersonates Expedia and Cloudbeds : 8 September 2025
  Key Points:
  - Large-scale credential harvesting campaign targeting hospitality industry professionals
  - Impersonates trusted hotel management platforms Expedia Partner Central and Cloudbeds
  - Campaigns exploit trust in routine hotel reservation and commission notifications
  Campaign Overview: Samantha Clarke, Ankit Gupta and…
- ScreenConnect Super Admin Credential Harvesting : 25 August 2025
  Key Points:
  - Low-volume spear phishing operation sending up to 1,000 emails per campaign run
  - Initial access for potential ransomware deployment
  - Senior IT professionals and administrators with super admin privileges
  - Adversary-in-the-middle (AITM) phishing using the EvilGinx framework
  Campaign Overview: Samantha Clarke and the…
- BEC Campaign Using AI-Generated Fake Email Threads : 11 August 2025
  Key Points:
  - Large-scale BEC invoice fraud campaign targets global organizations across multiple industries, using urgent payment requests to exploit time-sensitive business processes.
  - Attackers deploy sophisticated automation including AI-generated email content, programmatic file creation, and headless browser technology…
- Awardco Employee Rewards Platform Phishing Campaign : 18 August 2025
  Key Points:
  - Multi-month campaign impersonating the Awardco employee rewards platform, targeting entire organizations since May 2025
  - Sophisticated evasion using multiple redirect chains, legitimate security URL solutions, and various delivery methods including QR codes
  - Campaign leverages the universal employee expectation of rewards…
- UK Home Office Phishing Campaign Targeting Visa Sponsor Licence Holders : 12 August 2025
  Key Points:
  - Phishing campaign targeting UK sponsor licence holders through fraudulent Home Office impersonation
  - Attackers seek to compromise Sponsorship Management System (SMS) credentials for financial exploitation and data theft
  - Campaign utilizes captcha-gated URLs and convincing government domain spoofing to bypass…
- Direct Send Abuse : 6 August 2025
  Key Points:
  - Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails
  - The technique effectively circumvents perimeter security solutions by routing malicious emails through Microsoft 365's trusted infrastructure
  - Requires no credentials or tokens, only knowledge of the target domain…
- Grandoreiro Infostealer Campaign : 4 August 2025
  Key Points:
  - The Grandoreiro banking trojan targets financial institutions and users across Latin America and is expanding globally.
  - Sophisticated phishing campaigns impersonate government tax agencies and law enforcement.
  - Geofenced infrastructure ensures targeted delivery to specific regions.
  - Multi-stage attacks leverage…
- Sextortion Scams Using Invoicing and Accounting Services for Distribution : 14 July 2025
  Key Points:
  - Sextortion scams distributed through online invoicing and accounting services
  - Similar campaigns identified using the same Bitcoin address for payment
  - Evasion techniques used to bypass security solutions
  - Predominantly targeting US and Australian businesses
  The Mimecast Threat Research team has identified a new…
- Copyright Infringement : 12 February 2025
  Key Points (what you'll learn in this notification):
  - Targeting Retail, Travel and Hospitality sectors, predominantly in the UK and US
  - Consistent traffic picking up from August 2024 until the end of the year
  - The primary intent is to deliver an infostealer to exfiltrate sensitive data
  Mimecast Threat Researchers have been monitoring…
- Facebook Account Takeover : 29 January 2025
  Key Points (what you'll learn in this notification):
  - Predominantly targeting Retail and Media/Publishing businesses in the US and UK
  - Campaigns are distributed via Recruitee, a legitimate recruitment CMS
  - The primary intent is credential harvesting
  Mimecast Threat Researchers are monitoring a phishing campaign using Recruitee,…
- Getting Users to Copy/Paste Links : 12 February 2025
  Key Points (what you'll learn in this notification):
  - Predominantly targeting Legal, Retail and Manufacturing businesses in the US
  - Campaigns are distributed via AWS SES, sent via a Python mailer
  - The primary intent is credential harvesting
  Threat actors are encouraging users to interact with malformed links via email copy…
- Open Spoofing : 12 February 2025
  Key Points (what you'll learn in this notification):
  - TO3028 is a sophisticated threat actor known for exploiting weaknesses in modern security systems to execute high-impact campaigns.
  - Recent campaigns leverage ISP infrastructure with weak authentication to spoof trusted brands and distribute phishing emails at scale.
  - The…