Email Security Blog

Zombie Phish Are Coming For You

Hack Complete.
Account Takeovers Are Tough to Beat.


Zombie Phish-3Zombies. Their only mission is to feed. In doing so, they grow stronger and stronger. The same goes for the season’s most frightening email scam — Zombie Phish.

When the Zombie Phish strikes, it can feel like your world is coming to an apocalyptic end. It starts with a single Zombie Phishing email that has made it past your not-so-secure Secure Email Gateway (SEG). Just one wrong click, and the Zombie Phish hacker can run his choice of scary code. Moments later, he has total control of your email account and everything that’s in it.

More often than not, Zombie Phish contain a computer worm (after all, what’s a zombie without its fair share of worms?) In this case, worms are a type of malicious software program that not only wreak havoc on its host computer, but quickly infect other computers as well. How? Having taken over your account, the Zombie Phish hacker now has access to all of your old/dead emails – the ones you probably should have deleted months ago. In fact, feasting on these dead emails is how the Zombie Phish first got its name.

With the account takeover in place, the Zombie Phish hacker – now disguised as you – begins reforwarding old/dead emails in your account back to the original sender. Certainly, if a hacker is going to impersonate you, adding a new message to the top of an old familiar email someone has received in the past will make this extended phishing attack much more believable. Each of your contacts presents a new opportunity for the infection to spread…as does each of your contact’s contacts. In no time, the hacker has created an entire army of zombies and can commit all sorts of diabolical cybercrime acts. The Zombie Phish hacker might use one of the compromised email accounts to commit CEO impersonation, or to start an elaborate Business Email Compromise (BEC) attack. They could use another zombie account to run scripts in an attempt to locate vulnerable systems. Another might fall victim to brand fraud and give up important credentials. Really, with an entire zombie army at your disposal, the options are seemingly endless.


A Destructive Path


It’s no secret that email phishing threats are on the rise this year. Sadly, all types of phishing threats – including Zombie Phish kill companies all over the world. In fact, APWG, an international coalition against cybercrime, reported a nearly 20% increase in the number of unique email phishing scams received during the first half of 2020, versus the first half of 2019.1  


Zombie Phish Preparedness


There are all kinds of emergencies, but few provoke the kind of fear that a Zombie Phish delivers. Hundreds of your contacts and years and years of old emails lie in wait for the Zombie Phish hacker to pounce. So, what’s the best way to prepare for a Zombie Phish apocalypse? Well, it will take a lot more than bottled water and a flashlight to be ready for this would-be disaster.

First of all, it’s always a good idea to keep your email box clean and free of the types of dead emails Zombie Phish feed upon. Secondly, know what a Zombie Phish looks like, including one that might come from an infected friend trying to grow an army of zombies. Most importantly, however, is the need to prevent rather than prepare.


The Best Zombie Hunters


Zombie Phish can be tricky to detect and few email security solutions can spot them. INKY is a new hero in the emerging war against phishing…including Zombie Phish. Its flagship program, the INKY Phish Fence, is a cloud-based email security platform designed to catch pretty much anything – even zombies. Using computer vision, artificial intelligence, machine learning, and stylometry, INKY sees the things that others can’t and catches the things that others don’t. Even the most sophisticated phishing threats don’t stand a chance. In short, INKY provides the best email phishing protection you can get.

Don’t let the Zombie Phish eat through the brains of your company. Electrocute them with the INKY Phish Fence. Sign-up for a demo today.


Hacker Defeat.
INKY Stops Zombie Phish, Others Can’t Compete.



INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.