Back to Email phishing

Email phishing

The Shubert Organization data breach exposes payment card data of its customers.


On May 16, 2019, US-based theatre company, The Shubert Organization, sent a letter to customers informing them about a data breach that may have compromised their payment card details. Details such as names, email addresses, credit card numbers, and card expiration dates may have been accessed.

What happened.

On February 11, Shubert detected unusual activity in the email account of one of its employees and immediately hired a cybersecurity team to look into it. The investigations revealed that the attackers had gained access to some of Shubert's employee accounts between February 8 and 11, 2019.

After the breach was discovered, Shubert notified the attorney general and state regulators. The company is offering free credit monitoring services for those affected for two years through TransUnion Interactive. The email to customers also included information on steps to take to protect themselves against identity theft and fraud. Shubert has taken steps to review its existing security systems and is providing appropriate privacy training to all its employees.

Attackers use techniques like phishing attacks, brute force attacks, and credential stuffing attacks to gain access to email accounts. Stay one step ahead of attackers by investing in a smart tool like Exchange Reporter Plus, which monitors for and thwarts email-bound cybersecurity threats. Download a free, 30-day trial of Exchange Reporter Plus today.

How ManageEngine can help you avoid such incidents.

Exchange Reporter Plus provides a host of reports that can help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often times, these malicious emails appear to be valid, tricking users into opening the emails and clicking on the links embedded in them, which can cause serious damage.

With Exchange Reporter Plus, you can locate emails based on:

  • Messages by subject keyword. Use reports to identify particular keywords in the email subject lines.
  • Messages by body keyword. Identify all the messages in your mailbox that have a particular keyword in the body of the email.
  • Attachment name. Get a report of all emails in your mailbox that have an attachment with a specific name. If you know the names of the malicious files, you can take the necessary steps to stop email-bound threats.
  • Attachment type. You can spot malicious software based on an attachment’s file extension (most malware comes in EXE format).
  • Non-owner mailbox access. Obtain reports on all users who gained excessive rights to access other user mailboxes.
  • The number of emails received from a specific domain, sender, department, or external email address. Get reports on all incoming emails from an external email address, a blacklisted sender or domain, or a specific department.
  • Messages by subject keyword
    Messages by body keyword
    Attachments by file name keyword
    Attachments by file extension keyword

Explore more features in ExchangeReporter Plus, and gain granular insights into your Exchange environment.

If you are using Exchange Online in your environment, then M365 Manager Plus offers an advanced Microsoft 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, you can identify the sender's email address, the device and OS used to compose the email, and the servers the email passed through.

Start your free, 30-day trial of M365 Manager Plus today to try out all these features.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.