Did you know our partner Egress’, Threat Intelligence team detected an 83.6% increase in scouting phishing emails between May 1st – June 30, 2023, compared with March 1st – April 30th, 2023? With an increase in those figures you have to take note to what is happening within the cyber security landscape.



These emails aim to identify organizations’ and individuals’ personal time off (PTO) patterns or other absences from work through the automatic out-of-office responses they receive. The scouting attacks were sent from multiple spoofed email addresses from servers located in Russia and Japan.


In the second step of this campaign, the cybercriminals applied the intelligence they had gathered about absences to send phishing emails impersonating absentees. These impersonation attacks originated from the same servers as the scouting emails.



The problem with scouting emails is they’re not obvious. The way in which the Egress analysts detected something suspicious was via the hyperlink within each of the emails. They were all composed of the same pattern of pseudo-random characters and numbers, with no more than six digits in each. The links were all hosted on ‘app.link’.


The Egress Threat Intelligence team revealed that the hyperlinks also contained pixel tracking. This meant that if the recipient was to click on the link the tracking would provide the cybercriminal with a plethora of information including, giving them additional information for future attacks.


If you would like to know how Egress can protect you and your business from Scouting Phishing email, get in touch today.