Archive - Behind the Surface Analysis Blog

How HTMLMIX Uses AI to Help Cybercriminals Evade Email Security Filters

Real threat actors are using AI-powered tools like HTMLMIX to bypass email filters at scale. Here's how the tool works and how to defend against it.

Jan 20 • Travis Simcox

I Saw a Phishing Site That Traps Security Bots

I analyze dozens of phishing sites per month. Most are cut-and-paste redirects pointing to Phishing-as-a-Service kits. But this campaign was a little…

Jan 20 • Travis Simcox

November 2025

Would you recognize the sound of a bank account being drained? How automated OTP social engineering bypasses MFA

Today we publish the first public findings on MrJayOTP.

Nov 2, 2025 • Travis Simcox

CleanTraffic: The redirect service that is anything but clean

Did you know cybercriminals are using A/B testing to optimize their phishing campaigns?

Nov 2, 2025 • Travis Simcox

This is Behind the Surface Analysis Blog.

Nov 2, 2025 • Travis Simcox

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts