In a classic phishing move: spoofing a legit security company like VadeSecure to make the email look trustworthy. Irony at its finest—phishers pretending to be the anti-phishing experts.
Here’s what’s likely going on:
-
vadesecure.com is being spoofed—the return address is faked to show their domain, but the email didn’t actually come from Vade’s servers.
-
Or the phishers are using a lookalike domain (e.g., vadesecure-support.com or vadesecure-mail.com) to trick people not paying close attention.
If you still have the email:
-
You can check the email headers to see the real “from” server (look for
Return-PathandReceivedlines). -
If the SPF/DKIM/DMARC checks fail in the headers, that’s confirmation it’s spoofed.
-
You can also report it to VadeSecure directly at: abuse@vadesecure.com
By Skeeter Wesinger
March 26, 2025