Key Points
What you'll learn in this notification
- Campaign impersonating Mimecast and other brands
- Predominately targeting real estate industries in the US
- Uses redirects through various email security rewritten links to a credential harvesting page
"Rikesh Vekaria and the Mimecast threat researchers have recently identified a credential harvesting phishing campaign using the Mimecast brand. The threat actors use carefully designed "secure messages" to trick recipients into believing the emails are legitimate and related to secure communications.
These campaigns leverage templates using Mimecast logos as well as other company logos to enhance their authenticity but always include the Mimecast disclaimer at the bottom of the email to further deceive the target. Real Estate companies seem to be a primary target for this campaign due to their familiarity with receiving secure messages via email. This familiarity increases the likelihood of the campaign's success, as recipients may be more inclined to trust and engage with communications that resemble legitimate secure messages.
Please click here to read the entire article.
We welcome your questions; please ask them by posting a comment below.
Dimakatso Makinta
