Is this the most dangerous phishing scam yet?

SubdoMailing: The Sneaky New Phishing Scam Hitting Business Inboxes

Imagine this: You’re working through your inbox, and you receive what appears to be a legitimate email from a brand you trust. Maybe it’s a supplier, a service you use, or even a major retailer.

You think, “Looks safe. I’ve seen this name before.”

But what if it’s not?

There’s a new scam making waves in 2025 and it's called SubdoMailing. It's slick, it's sneaky, and it's bypassing even advanced email filters. If you're not aware of it yet, your business could be at serious risk.

Let’s break it down without the tech jargon and in plain English.

What Is SubdoMailing?

SubdoMailing is a new twist on classic phishing attacks. But instead of sending emails from lookalike domains or spoofed addresses, cybercriminals exploit real, unused subdomains from legitimate companies.

🔍 What’s a subdomain?

A subdomain is the part before the main website name, like this:

"example.trustedbrand.com"

  • trustedbrand.com is the main domain
  • experience. is the sub domain

These subdomains are often created for temporary campaigns or landing pages and many companies forget to deactivate them or leave them pointing to third-party platforms that have expired.

That’s where the scam begins.

How the SubdoMailing Scam Works

  1. Hackers find abandoned subdomains still active and linked to expired external services.
  2. They buy the now-unclaimed external domain, giving them control over where the subdomain redirects.
  3. They create scam pages or malware-infected sites on that domain.
  4. Emails are sent from what appears to be a genuine source, like something.reputablecompany.com.
  5. Users (including your employees) click...thinking it's safe...and land directly on the scam site.

🚨 These emails bypass normal spam filters, because technically, the sending domain is real. Some hackers are now sending 5 million SubdoMailing emails per day and your business could be the next target.

How to Protect Your Business from SubdoMailing Attacks

SubdoMailing is clever, but your business can stay one step ahead with the right precautions:

1. Educate Your Team

  • Train staff on how phishing scams are evolving
  • Explain what SubdoMailing is and how to recognise suspicious subdomains
  • Reinforce a Think Before You Click” policy across your organisation

2. Check Links Carefully

  • Hover over links before clicking
  • Look for unusual prefixes (e.g. support-hr.brand.com) or misspellings
  • If in doubt, visit the brand’s main website directly or contact the sender to verify

3. Invest in Advanced Email Security

SubdoMailing is designed to beat traditional filters. Modern email security platforms use:

  • URL rewriting and sandboxing
  • Domain-based message authentication (DMARC, DKIM, SPF)
  • Threat intelligence feeds to flag suspicious behaviours

Your business IT support provider can help you implement and monitor these.

4. 🧠 Review Subdomain Use Internally

  • If your business uses subdomains (e.g. for marketing or campaigns), make sure they’re actively maintained
  • Remove old DNS entries or review third-party integrations that may be pointing to expired services

5. 🔄 Keep Software and Systems Up to Date

  • Ensure email gateways, antivirus software, and spam filters are updated
  • Regular patching helps close the loopholes hackers exploit

🚨 Don’t Fall for the Trap

SubdoMailing isn’t science fiction — it’s happening now, and it's catching out businesses of all sizes.

The best defence? Awareness + action. When your team knows what to look for and your systems are properly secured, you drastically reduce your risk of falling victim to a devastating breach.

👥 Need Help Securing Your Business Emails?

We help UK businesses stay protected against phishing, SubdoMailing attacks, malware, and more. Our cyber security services include:

  • Managed email security solutions
  • Microsoft 365 phishing protection
  • End-user cyber awareness training
  • Proactive threat monitoring and incident response

📞 Contact us today to audit your email security and stop phishing attacks before they happen.