Threat actors are using spam bombing—flooding inboxes with subscription emails—to hide phishing attempts. Darktrace reports attackers pose as IT staff after the spam surge, tricking victims into Teams calls to gain access. Tools like Mailchimp's Mandrill are misused to send these emails. Defenders are urged to focus on user training and clear incident response protocols.

‍