HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Malwarebytes Renewal Scams Use Phishing Tactics to Target Customers

Scammers are sending fake renewal notices that appear to come from Malwarebytes, using look‑alike domains and bogus phone numbers to trick customers into paying or revealing credentials. This highlights the need for strong SOC 2 access‑control evidence and security‑awareness training.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 malwarebytes.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Fake Malwarebytes Renewal Emails Target Customers in Phishing Scam

What Happened — Scammers are sending counterfeit subscription‑renewal emails that appear to come from Malwarebytes. The messages use look‑alike sender domains, fabricated invoice details, and bogus phone numbers to lure recipients into paying or disclosing credentials.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 CC6.1 (Logical Access) requires documented controls that prevent unauthorized credential use – phishing attacks directly test the effectiveness of those controls.
  • Continuous‑compliance programs must capture evidence of security‑awareness training and phishing‑simulation results to demonstrate due diligence.
  • A robust audit trail of incident response (e.g., phishing‑email quarantine logs) is essential evidence for a SOC 2 audit.

Who Is Affected — Endpoint‑security vendors, SaaS providers, and any organization that purchases subscription‑based software for employees.

Recommended Actions

  • Map the phishing scenario to SOC 2 access‑control criteria and verify that your security‑awareness program covers renewal‑scam tactics.
  • Enforce DMARC/DKIM/SPF for your domain and monitor for look‑alike domains.
  • Conduct regular phishing simulations and retain training completion records as audit evidence.

Source: Malwarebytes Labs – Watch out for renewal scams pretending to be Malwarebytes

Technical Notes — Attack vector: phishing email with spoofed sender address and malicious phone‑call lure. No software vulnerability disclosed; the threat relies on social engineering to obtain payment details or login credentials.

📰 Original Source
https://www.malwarebytes.com/blog/scams/2026/06/watch-out-for-renewal-scams-pretending-to-be-malwarebytes

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Awareness is a control you can evidence too.

Verisq AI Trust Operations records training completion and policy adoption as audit evidence — turning 'we train our staff' into something you can actually prove.

See how Verisq AI Trust Operations covers awareness →