Hackers distribute thousands of phishing attacks through Mimecast's secure-link feature

• Attackers abused Mimecast’s URL‑rewriting feature to mask malicious links in phishing emails
• More than 40,000 emails hit 6,000+ organizations, especially consulting, tech
• Campaign bypassed filters globally, with most victims in the US, though Mimecast says no flaw exists

Cybercriminals are abusing a legitimate Mimecast feature to deliver convincing phishing emails to their victims - at scale.

This is according to cybersecurity researchers Check Point, who claim to have seen more than 40,000 such emails being sent to over 6,000 organizations around the world, in a span of merely two weeks.

First, the crooks would create messages that closely resemble email notifications from reputable brands (SharePoint, DocuSign, or other e-signature notices), paying attention to the details such as logos, subject lines, and display names. Nothing in the messages stands out from routine notification emails.