Postmark, a popular email service provider, recently faced a phishing email attack that targeted both its customers and non-customers. The attackers sent two emails with suspicious links to steal usernames and passwords. Postmark quickly responded by disabling logins on its site, working with the hosting company to take down the mirror site, and sending an alert to customers. An investigation revealed that the attackers used a combination of public email and DNS lookup services to compile their list of email addresses. To protect themselves from future phishing attempts, users are advised to set up 2-factor authentication for their accounts. Postmark is taking additional steps to prevent similar attacks in the future.