This is some text inside of a div block.
This is some text inside of a div block.
Imagine this: You’re working through your inbox, and you receive what appears to be a legitimate email from a brand you trust. Maybe it’s a supplier, a service you use, or even a major retailer.
You think, “Looks safe. I’ve seen this name before.”
But what if it’s not?
There’s a new scam making waves in 2025 and it's called SubdoMailing. It's slick, it's sneaky, and it's bypassing even advanced email filters. If you're not aware of it yet, your business could be at serious risk.
Let’s break it down without the tech jargon and in plain English.
SubdoMailing is a new twist on classic phishing attacks. But instead of sending emails from lookalike domains or spoofed addresses, cybercriminals exploit real, unused subdomains from legitimate companies.
A subdomain is the part before the main website name, like this:
"example.trustedbrand.com"
These subdomains are often created for temporary campaigns or landing pages and many companies forget to deactivate them or leave them pointing to third-party platforms that have expired.
That’s where the scam begins.
something.reputablecompany.com
.🚨 These emails bypass normal spam filters, because technically, the sending domain is real. Some hackers are now sending 5 million SubdoMailing emails per day and your business could be the next target.
SubdoMailing is clever, but your business can stay one step ahead with the right precautions:
support-hr.brand.com
) or misspellingsSubdoMailing is designed to beat traditional filters. Modern email security platforms use:
Your business IT support provider can help you implement and monitor these.
SubdoMailing isn’t science fiction — it’s happening now, and it's catching out businesses of all sizes.
The best defence? Awareness + action. When your team knows what to look for and your systems are properly secured, you drastically reduce your risk of falling victim to a devastating breach.
We help UK businesses stay protected against phishing, SubdoMailing attacks, malware, and more. Our cyber security services include:
📞 Contact us today to audit your email security and stop phishing attacks before they happen.