Community Discussions

Recent Discussions

Introducing Human Risk Scorecards for End Users in Mimecast Engage
Mimecast Engage’s new Human Risk Scorecards for end users put actionable security insights directly in your people’s hands—helping everyone understand, own, and improve their role in protecting your organization. See Your Security Impact—One User at a Time Mimecast is excited to announce the launch of Human…
The Impact of New Outlook on Mimecast Products: What You Need to Know
Microsoft's New Outlook represents a significant shift in how organizations interact with their email systems. This transition has important implications for Mimecast customers using products like Large File Send, Secure Messaging, Continuity, and Cybergraph. Let us explore what these changes mean and how to navigate them…
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
Creating Effective Holiday Shopping Phishing Templates
As the holiday season approaches, cybercriminals ramp up their efforts to exploit shoppers’ excitement for deals and promotions. Crafting realistic phishing templates that mimic the offers from popular retailers is a crucial step in preparing security awareness training for employees and customers alike. In this…
URL Pre Scanning Available Now!
Stop Malicious URLs Before They Reach Your Users Inbox Email security is evolving, and Mimecast is leading the charge with a fundamental shift in how we protect your organization from URL-based threats. We're excited to announce URL Pre-Delivery Scan—a capability that transforms our approach from reactive protection to…
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
Building a Realistic and Global Phishing Simulation Library
In today’s digital landscape, phishing attacks remain one of the most persistent threats to individuals and organizations alike. To empower security teams with robust simulation tools that reflect the evolving tactics of cybercriminals, our team embarked on a project to develop a comprehensive set of phishing templates.…
10 Emerging Cyber Threats To Watch Closely In 2026
Good day Community - I found this article in Cyber Management Alliance and wanted to share it and get your thoughts: no surprise AI is on the list 😎 "Emerging cyber threats are racing through blind spots that didn’t even exist a year ago. What used to be a “rare exploit” is now a Tuesday afternoon. And the problem is that…
Mimecast Global Threat Intelligence Report – Policy Recommendations
Essential Mimecast Configurations Based on 2025 Global Threat IntelligenceThe cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated,…
Verification code stripped out of emails
Good evening, we have some users in Australia who use a company called Telstra as their communication / internet provider. For some unusual reason when they send verification emails containing a code, it is stripped out completely from the body of the email. The actual email arrives but with nothing in the body. Is this…
How are links like this created?
I found a link like this, it redirects you to a link https://url.us.m.mimecastprotect.com/s/sVS7CQWBkofX58jyFx1sOD?domain=github.com, How is it created?
Has anyone been impacted by today's AWS outage?
Amazon Web Services outage hits major websites: What we know so far as recovery begins:From CNBC: https://www.cnbc.com/2025/10/20/amazon-web-services-outage-takes-down-major-websites.html
IT workers in video game space need to be aware of security risks, solutions
Chris Anley, a chief scientist with research firm NCC Group, told IT Brew that security issues in games run the gamut from platform-related concerns like social engineering to standard cyberattacks like ransomware. Those threats aren’t ignored, even if they’re not front-and-center for the IT pros and developers working on…
Let's discuss AI browsers
AI is here to stay, and I am sure many of you are utilizing it to increase productivity and streamline data analysis. Here are some highlights from an article in IT Brew: AI browsers are here, and so are attackers. From the article: "A browser powered by agentic AI could take care of buying plane tickets, setting…
Where Are You Searching?
Good day Community, We work continuously to make Mimecast Community a valuable resource for product education and support to make you productive. Because we strive to improve your experience, I would like to learn what resources you are using outside of Mimecast Community or the Knowledge Hub for product questions. Google…
CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief
AI is here to stay, and Perplexity has launched its new browser, Comet. Before you download it or if you are using it, please see this article from The Hacker News: https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html Please share your thoughts on AI Browsers below. Cheers, Toby
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all…
Turn Security Data into Strategic Value with the Mimecast Human Risk Insights Report
Security leaders face a persistent challenge: demonstrating the tangible value of cybersecurity investments to executive leadership and boards. While threat detection numbers pile up in dashboards, translating those statistics into meaningful impact remains complex. We’re excited to announce the Mimecast Human Risk…
Adaptive Policies in Action
In our previous post, we explored the Human Risk Command Center (HRCC) and how it transforms abstract human behavior into quantifiable metrics. Now we're diving deep into adaptive policies—the intelligent controls that automatically adjust security measures based on user behavior and organizational threats. Read…