-
Why We're Turning On Advanced BEC Protection For All Licensed Users
The FBI just put a number on it. $3 billion lost to business email compromise in 2025. Average loss per incident: $123,000. 86% of it moved by wire or ACH before anyone noticed. None of that money was stolen. It was authorized by a person who received something convincing and acted on it. That is the gap traditional…
-
AI Brand Impersonation Targets Meta Business Accounts Through Malicious Mobile Apps
Key Points Over 35k coordinated phishing campaign across April impersonating Google Gemini and OpenAI/ChatGPT to distribute credential-harvesting mobile applications Fraudulent apps pose as AI-powered advertising tools but capture Facebook/Meta login credentials Campaign targets social media managers with access to Meta…
-
Maximizing Mimecast - April Session Recap: Threat Protection
If you joined our latest Maximizing Mimecast session for Email & Collaboration Threat Protection, thank you so much for taking the time and being actively engaged with optimizing your Mimecast investment. If you missed the April 16 session, here's a quick recap. We covered three key areas: Account Takeover (ATO)…
-
XRed Malware Campaign Targets Multinational Organizations : 10 December 2025
Key Points Malware campaign impersonating the Indian Ministry of Finance and Income Tax Department Low-volume, strategically targeted campaign predominantly spanning financial services, professional services, and corporate services sectors across UK and US businesses with entity in India VBS script downloads and executes…
-
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
-
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
-
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
-
URL Pre Scanning Available Now!
Stop Malicious URLs Before They Reach Your Users Inbox Email security is evolving, and Mimecast is leading the charge with a fundamental shift in how we protect your organization from URL-based threats. We're excited to announce URL Pre-Delivery Scan—a capability that transforms our approach from reactive protection to…
-
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
-
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…