Phishing, Security Operations, Email security

Phishing campaign exploits Pride Month to target employees

A close-up of a laptop displaying an illuminated email icon with red hazard symbols, signifying security issues.

Scammers are leveraging Pride Month and diversity messaging in a sophisticated phishing campaign to trick employees into revealing login credentials. This campaign, identified by Mimecast, pressures individuals into clicking malicious links, all while operating through trusted infrastructure, according to a recent report by HackRead.

The phishing campaign, first detected in mid-December 2025, months before Pride Month, targets organizations globally, with the UK and United States being heavily impacted. Attackers are distributing malicious emails through compromised SendGrid accounts, a tactic that allows for scaled delivery and evasion of detection. The emails often mimic internal communications, offering opt-out options for Pride-themed branding that redirect users to fake login pages designed for credential theft. The campaign has evolved in two stages, initially targeting financial services and consulting, and later expanding to IT, SaaS, and retail sectors. The second wave in January 2026 saw improved messaging, including persona-based prefixes for impersonation and the use of CAPTCHA pages to bypass automated detection.

This campaign highlights a growing trend of attackers exploiting legitimate email services and social themes to conduct phishing attacks. While Mimecast has implemented detection capabilities, user awareness remains paramount; employees must exercise caution with unexpected policy updates and verify communications through HR or IT departments to prevent account compromise.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds