Matthew Gardiner is a Senior Product Marketing Manager at Mimecast and is currently focused on email security, phishing, malware, and cloud security.
It is probably not news to anyone that attackers are very creative and will try any way they can to fool users in an organization into releasing information or taking actions that they shouldn’t.
Along these lines, it has come to our attention that certain email communications purporting to come from Mimecast are being sent to select organizations.
As a warning, we have pushed a short communication to all Mimecast administrators via the Mimecast Administration Console (copied below). Rest assured that Mimecast security services are addressing this attack, and we will continue to monitor this threat and make any defensive changes as needed.
For any application, including your Mimecast services, one important security control that can help mitigate risks related to login or credential loss is the use of multi-factor authentication for your admins and end-users. This blog and the associated KB article provide more information on how to configure multi-factor authentication for your Mimecast administrators and end-users.
Of course, the overriding lesson here, as in all situations, is never to click a link in a suspicious-looking email. And any email that asks for personal information, including but not limited to a login or a password, should be considered suspicious.
Notice Recently Published in the Mimecast Admin Console:
Please remember that Mimecast will never send an advisory that requires your staff to provide personal information or login details. Any unsolicited email message which asks you to provide this information by entering it into a purported Mimecast Administrative or User application is illegitimate. Be suspicious, and if you receive such a message or have any questions about the authenticity of such a communication, please raise a case with Mimecast Support. We also suggest that you review our Enhanced Security Options for more detail on securing your account.