Email Security Blog

Zombie Phish Are Coming For You

Hack Complete.
Account Takeovers Are Tough to Beat.


ZOMBIE PHISH_2023Zombies. Their only mission is to feed. In doing so, they grow stronger and stronger. The same goes for the season’s most frightening email scam — Zombie Phish.

When the Zombie Phish strikes, it can feel like your world is coming to an apocalyptic end. It starts with a single Zombie Phishing email that has made it past a not-so-secure Secure Email Gateway (SEG). Just one wrong click from an employee, and the Zombie Phish hacker can run his choice of scary code. Moments later, he has total control of their email account and everything that’s in it.

More often than not, Zombie Phish contain a computer worm (after all, what’s a zombie without its fair share of worms?) In this case, worms are a type of malicious software program that not only wreak havoc on its host computer, but quickly infect other computers as well. How? Having taken over an employee's account, the Zombie Phish hacker now has access to all of their old/dead emails – the ones they probably should have deleted months ago. In fact, feasting on these dead emails is how the Zombie Phish first got its name.

With the account takeover in place, the Zombie Phish hacker – now disguised as the employee – begins reforwarding old/dead emails in the account back to the original sender. Certainly, if a hacker is going to impersonate someone, adding a new message to the top of an old familiar email someone has received in the past will make this phishing attack much more believable. Each of their contacts presents a new opportunity for the infection to spread…as does each of the contact’s contacts. In no time, the hacker has created an entire army of zombies and can commit all sorts of diabolical cybercrime acts. The Zombie Phish hacker might use one of the compromised email accounts to commit CEO impersonation, or to start an elaborate Business Email Compromise (BEC) attack. They can even use another zombie account to run scripts in an attempt to locate vulnerable systems or perhaps convince one of the employee's many contacts to give up important credentials. Really, with an entire zombie army at their disposal, the options are seemingly endless.

A Destructive Path

It’s no secret that email phishing threats are on the rise this year. Sadly, all types of phishing threats – including Zombie Phish kill companies all over the world. In fact, APWG, an international coalition against cybercrime, reported more than 4.7 million phishing attacks in 2022, which is an increase of more than 150% per year since 2019.1  


Zombie Phish Preparedness

There are all kinds of emergencies, but few provoke the kind of fear that a Zombie Phish delivers. Hundreds of contacts and years and years of old emails lie in wait for the Zombie Phish hacker to pounce. So, what’s the best way to prepare for a Zombie Phish apocalypse? First of all, it’s always a good idea to keep email boxes clean and free of the types of dead emails Zombie Phish feed upon. Secondly, know what a Zombie Phish looks like, including one that might come from an infected friend trying to grow an army of zombies. Most importantly, however, is the need to prevent rather than prepare.


The Best Zombie Hunters

Zombie Phish can be tricky to detect and few email security solutions can spot them. As a leader in the war against phishing, INKY has the technology to keep your customers safe from phishing scams, including malware, ransomware, business email compromise, brand impersonations, and of course...Zombie Phish. INKY is easy to deploy, simple to administer, and a profitable way to boost your own revenue. INKY sees the things that others can’t and catches the things that others don’t. Even the most sophisticated phishing threats don’t stand a chance. In short, INKY provides the best email phishing protection you can get.

Don’t let the Zombie Phish eat through the brains of your company or your customers. Sign-up for a demo today.


Hacker Defeat.
INKY Stops Zombie Phish, Others Can’t Compete.



INKY is an award-winning, behavioral email security platform that blocks phishing threats, prevents data leaks, and coaches users to make smart decisions. Like a cybersecurity coach, INKY signals suspicious behaviors with interactive email banners that guide users to take safe action on any device or email client. IT teams don’t face the burden of filtering every email themselves or maintaining multiple systems. Through powerful technology and intuitive user engagement, INKY keeps phishers out for good. Learn why so many companies trust the security of their email to INKY. Request an online demonstration today.