Chipotle email marketing hacked to send phishing emails
Hacked Mailgun account sent out 120 malicious emails in three days
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybercriminals have begun sending outphishing emailsafter they were able to gain access to one of theemail marketingaccounts used by the US-based Mexican food chain Chipotle.
According to a newblog postfrom the email security company Inky, those behind the campaign sent out at least 120 malicious emails in just three days from a hackedMailgunaccount that the food chain uses for email marketing.
Cybercriminals often try to obtain legitimate email addresses from businesses as they increase the chances of their phishing emails being delivered since they’ll be able to bypass authentication methods including DomainKeys Identified Mail (DKIM) andSender Policy Framework.
While the majority of the phishing emails sent from Chipotle’s hacked Mailgun account led users to credential-harvesting sites, a small number also had attachments which containedmalware.
Compromised Mailgun account
Many of the emails sent out from the hacked Mailgun account led users to afake Microsoft login pagewith the aim of harvesting their credentials. According to Inky, 105 of the 120 malicious emails it detected tired to harvest usersMicrosoftaccount credentials.
The emails themselves appeared as if they came from the “Microsoft 365 Message center” and the body of these emails informed recipients that their messages could not be delivered as a result of low email storage in the cloud. When a user then clicked on a button labeled “release messages to inbox”, they would be redirected to a fake login page used tocollect their credentials.
In addition to Chipotle, the cybercriminals behind this recent campaign also impersonated the United Services Automobile Association (USAA) and tricked users to visiting a phishing site that appeared to be legitimate at a first glance. The remaining fake emails posed as voicemail notifications that also contained malware attachments.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent falling victim to this and similar phishing scams,Inkyrecommends that users pay close attention to any discrepancies between a sender’s display name (Microsoft, USAA, VM Caller ID” and the message’s actual email address.
After the publication of this story, Mailgun reached out toTechRadar Prowith the following statement on the matter:
“Mailgun security teams are aware of a phishing campaign targeted at Chipotle and USAA customers. While this is not the result of any platform-level vulnerabilities or data breach, we assist with and support the full investigation of this incident. Mailgun routinely assists customers in their incident investigations by providing logs and other forensic information to help determine the root cause of credential leaks. The Mailgun platform includes multi-factor authentication, session timeout preferences, role-based access control, and other security features to prevent unauthorized logins.”
ViaBleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats
