Chipotle email marketing hacked to send phishing emails

Cybercriminals have begun sending out phishing emails after they were able to gain access to one of the email marketing accounts used by ...

Cybercriminals have begun sending out phishing emails after they were able to gain access to one of the email marketing accounts used by the US-based Mexican food chain Chipotle.

According to a new blog post from the email security company Inky, those behind the campaign sent out at least 120 malicious emails in just three days from a hacked Mailgun account that the food chain uses for email marketing.

Cybercriminals often try to obtain legitimate email addresses from businesses as they increase the chances of their phishing emails being delivered since they'll be able to bypass authentication methods including DomainKeys Identified Mail (DKIM) and Sender Policy Framework.

While the majority of the phishing emails sent from Chipotle's hacked Mailgun account led users to credential-harvesting sites, a small number also had attachments which contained malware.

Compromised Mailgun account

Many of the emails sent out from the hacked Mailgun account led users to a fake Microsoft login page with the aim of harvesting their credentials. According to Inky, 105 of the 120 malicious emails it detected tired to harvest users Microsoft account credentials.

The emails themselves appeared as if they came from the “Microsoft 365 Message center” and the body of these emails informed recipients that their messages could not be delivered as a result of low email storage in the cloud. When a user then clicked on a button labeled “release messages to inbox”, they would be redirected to a fake login page used to collect their credentials.

In addition to Chipotle, the cybercriminals behind this recent campaign also impersonated the United Services Automobile Association (USAA) and tricked users to visiting a phishing site that appeared to be legitimate at a first glance. The remaining fake emails posed as voicemail notifications that also contained malware attachments.

To prevent falling victim to this and similar phishing scams, Inky recommends that users pay close attention to any discrepancies between a sender's display name (Microsoft, USAA, VM Caller ID” and the message's actual email address.

Via BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/3idx9Ye



Apps,3855,Business,148,Camera,1154,Earn $$$,1,Gadgets,1739,Games,924,Innovations,1,Mobile,1695,Paid Promotions,3,Promotions,3,Technology,7934,Trailers,795,Travel,36,Trendly News,20969,Video,4,XIAOMI,12,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Chipotle email marketing hacked to send phishing emails
Chipotle email marketing hacked to send phishing emails
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy