Skip to content
All posts

SubdoMailing - An Emerging Phishing Threat

 

 

Imagine this: You're navigating through your daily emails when suddenly, an email pops up from a familiar and trusted company.

You think, "This must be safe," but wait a moment... this email isn't as benign as it appears.

Enter "SubdoMailing," a devious scam crafted by cybercriminals to lure you into clicking on harmful links or disclosing confidential information. It's as perilous as it gets.

So, what's the gist?

Similar to classic phishing schemes, these fraudsters masquerade as reputable entities.

Here's the twist: They hunt for unused subdomains of well-known brands—those prefixes in web addresses like 'experience' in experience.trustedbrand.com.

They pinpoint a dormant subdomain still linked to an unregistered external domain, then snap up that domain to establish a fraudulent site.

Thus, when you click on what you believe to be experience.trustedbrand.com, it stealthily redirects you to a bogus site, scamwebsite.com.

These con artists dispatch five million emails daily, aiming at individuals in companies just like yours.

Because these emails appear to originate from a legitimate source, they often bypass standard security measures and end up in your inbox.

To safeguard you and your data, here's our guidance:

- Stay vigilant with emails that seem even slightly off. If it looks suspicious, it likely is.

- Always double-check the sender before clicking on links or downloading attachments. Watch out for telltale signs like spelling errors or odd email addresses.

- Educate your team on the latest phishing strategies and how to recognize a scam. Awareness is key to protecting your business.

- Investing in superior security software can seem like an added cost, but it's a worthy defense against cyber threats.

Should you need assistance with this or any other email security concerns, we're here for you.