Community Discussions

Recent Discussions

Microsoft Defender Threat Sharing Integration
The Multi-Vector Threat Reality A successful phishing campaign targeting your employees doesn't end when malicious content reaches an inbox. It extends to endpoint compromise, lateral movement, and data exfiltration. Yet most organizations find themselves managing these interconnected threats through isolated security…
Awardco Employee Rewards Platform Phishing Campaign : 18 August 2025
Key Points Multi-month campaign impersonating Awardco employee rewards platform targeting entire organizations since May 2025 Sophisticated evasion using multiple redirect chains, legitimate security URL solutions, and various delivery methods including QR codes Campaign leverages universal employee expectation of rewards…
UK Home Office Phishing Campaign Targeting Visa Sponsor Licence Holders : 12 August 2025
Key Points Phishing campaign targeting UK sponsor licence holders through fraudulent Home Office impersonation Attackers seek to compromise Sponsorship Management System (SMS) credentials for financial exploitation and data theft Campaign utilizes captcha-gated URLs and convincing government domain spoofing to bypass…
BEC Campaign Using AI Generated Fake Email Threads. : 11 August 2025
Key Points Large-scale BEC invoice fraud campaign targets global organizations across multiple industries using urgent payment requests to exploit time-sensitive business processes. Attackers deploy sophisticated automation including AI-generated email content, programmatic file creation, and headless browser technology…
Direct Send Abuse : 6 August 2025
Key Points Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails The technique effectively circumvents perimeter security solutions by routing malicious emails through Microsoft 365's trusted infrastructure Requires no credentials or tokens, only knowledge of the target domain…
HTML Tag Obfuscation : 21 July 2025
Key Points Threat actors utilizing HTML tag obfuscation to evade email security detection CSS styling techniques render malicious content evading security solutions while appearing legitimate to end users Brand impersonation campaigns leveraging Microsoft copyright obfuscation Campaign Overview The Mimecast Threat Research…
Grandoreiro Infostealer Campaign : 4 August 2025
Key Points The Grandoreiro banking trojan targets financial institutions and users across Latin America and is expanding globally. Sophisticated phishing campaigns impersonate government tax agencies and law enforcement. Geofenced infrastructure ensures targeted delivery to specific regions. Multi-stage attacks leverage…
Sextortion scams using invoicing and accounting services for distribution : 14 July 2025
Key Points Sextortion scams distributed through online invoicing and accounting services There similar campaigns identified using same Bitcoin address for payment Evasion techniques used to bypass security solutions Predominately targeting US and Australian businesses The Mimecast Threat Research team has identified a new…
Administration Console Menu Update
Mimecast is committed to continuously improving the user experience for our customers. As part of this effort, we’re excited to announce upcoming changes to the Administration Console menu. These changes are designed to streamline navigation, reduce complexity, and provide a foundation for future improvements. Why are we…
Turn Security Data into Strategic Value with the Mimecast Human Risk Insights Report
Security leaders face a persistent challenge: demonstrating the tangible value of cybersecurity investments to executive leadership and boards. While threat detection numbers pile up in dashboards, translating those statistics into meaningful impact remains complex. We’re excited to announce the Mimecast Human Risk…
Astaroth Infostealer Campaign : 16 June 2025
Key Points What you'll learn in this notification Information stealer Trojan that predominantly targets Brazil and Mexico with a financial motive. Employs country-specific social engineering tactics. Leverages newly registered, low-reputation domains that impersonate legitimate services. Samantha Clarke and the Mimecast…
German Tax and Accident Insurance Institution Impersonation : 03 June 2025
Key Points What you'll learn in this notification Attackers exploit institutional trust through sophisticated German tax authority impersonation. Emails appear to be generated by custom spam scripts with forged Thunderbird headers and high variability in subjects and sending email addresses Predominantly targeting…