-
SVG Attachment Abuse : 31st March 2025
Key Points (what you'll learn in this notification): Campaign using Scalable Vector Graphics (SVG) with JavaScript redirects. Users are redirected to credential harvesting pages or download malware. Rikesh Vekaria, Marcin Ulikowski, and the Mimecast threat researchers have recently identified several campaigns utilising…
-
Mimecast Phishing Campaign : 18 March 2025
Key Points (what you'll learn in this notification): Campaign impersonating Mimecast and other brands. Predominately targeting real estate industries in the US. Uses redirects through various email security rewritten links to a credential harvesting page. Rikesh Vekaria and the Mimecast threat researchers have recently…
-
JavaScript and Captcha Obfuscation : 10 March 2025
Key Points (what you'll learn in this notification): Threat operations are implementing sophisticated anti-analysis measures within CAPTCHA pages to evade detection and prevent investigation. The malicious pages actively detect security tools and redirect to innocuous destinations when identified, avoiding scrutiny by…
-
Impersonating Booking.com : 24 February 2025
Key Points (what you'll learn in this notification): Targeting hospitality sector predominately in the UK. Operation employs the “Clickfix” technique to enhance its effectiveness. Malware associated with these campaigns has been identified as LummaC, a popular infostealer. Mimecast Threat Researchers have observed a malware…
-
Missing A Delivery : 12 February 2025
Key Points (what you'll learn in this notification): Targeting Not for Profit and Housing sectors predominantly in the UK. Distributed via Biglobe with AWS S3 buckets hosting HTML pages. The primary intent is to exfiltrate sensitive data. Mimecast Threat Researchers have observed a phishing campaign using the lure of a missed…
-
Copyright Infringement : 12 February 2025
Key Points (what you'll learn in this notification): Targeting Retail, Travel and Hospitality sectors predominately in the UK and US. Consistent traffic picking up from August 2024 until the end of the year. The primary intent is to deliver an infostealer to exfiltrate sensitive data. Mimecast Threat Researchers have been monitoring…
-
Facebook Account Takeover : 29 January 2025
Key Points (what you'll learn in this notification): Predominately targeting Retail, Media/Publishing businesses in the US and UK. Campaigns are distributed via Recruitee, a legitimate recruitment CMS. The primary intent is for credential harvesting. Mimecast Threat Researchers are monitoring a phishing campaign using Recruitee,…
-
Getting User to Copy/Paste Links : 12 February 2025
Key Points (what you'll learn in this notification): Predominately targeting Legal, Retail and Manufacturing businesses in the US. Campaigns are distributed via AWS SES sent via a Python mailer. The primary intent is for credential harvesting. Threat actors are encouraging users to interact with malformed links via email copy…
-
Open Spoofing : 12 February 2025
Key Points (what you'll learn in this notification): TO3028 is a sophisticated threat actor known for exploiting weaknesses in modern security systems to execute high-impact campaigns. Recent campaigns leverage ISP infrastructure with weak authentication to spoof trusted brands and distribute phishing emails at scale. The…