Chipotle email marketing hacked to send phishing emails


Cyber criminals started sending phishing emails after gaining access to one of the email marketing accounts of the US-Mexican grocery chain Chipotle.

According to a new blog post from email security company Inky, the attackers sent at least 120 malicious emails in just three days from a hacked Mailgun account the grocery chain uses for email marketing.

Cyber criminals often attempt to obtain legitimate corporate email accounts because mail sent from them is more likely to be delivered, getting past authentication checks such as DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF).

While the majority of phishing emails sent from Chipotle's hacked Mailgun account led users to credential-gathering websites, a small number also carried malware attachments.

Compromised Mailgun Account

Many of the emails sent from the hacked Mailgun account led users to a fake Microsoft sign-in page with the aim of harvesting their credentials. According to Inky, 105 of the 120 malicious emails detected tried to harvest Microsoft account credentials.

The emails themselves looked like they came from the “Microsoft 365 Message Center” and the text of these emails informed the recipients that their messages could not be delivered due to the limited email storage in the cloud. Then, when a user clicked a button labeled "Release messages to inbox," they were redirected to a fake login page that was used to collect their credentials.

In addition to Chipotle, the cybercriminals behind this latest campaign also pretended to be the United Services Automobile Association (USAA) and tricked users into visiting a seemingly legitimate phishing site. The rest of the fake emails presented themselves as voicemail notifications that also contained malware attachments.

To avoid falling victim to this and similar phishing scams, Inky recommends that users watch out for discrepancies between the display name of a sender ("Microsoft," "USAA," "VM Caller ID") and the actual email address of the message.
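The display-name check Inky recommends can be automated at the mail gateway. The following is an added example, not code from Inky or the original article: the brand-to-domain map, the sample messages and the `example.com` / `example.net` addresses are constructed assumptions. It also shows why SPF and DKIM results alone do not catch mail sent from a compromised legitimate account.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keywords mapped to domains that brand legitimately sends from.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "usaa": {"usaa.com"},
}

# Constructed sample: brand display name, unrelated sending domain, auth passes
# because the mail really did leave the compromised account's infrastructure.
PHISH = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass\n"
    'From: "Microsoft 365 Message Center" <postmaster@mail.example.com>\n'
    "Subject: Messages held\n\nRelease messages to inbox\n"
)
# Constructed sample: display name and address domain agree.
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass\n"
    'From: "Microsoft 365 Message Center" <notify@microsoft.com>\n'
    "Subject: Service update\n\nBody\n"
)

def auth_passed(raw):
    """True when the receiving server recorded both SPF and DKIM as pass."""
    results = message_from_string(raw).get("Authentication-Results", "").lower()
    return "spf=pass" in results and "dkim=pass" in results

def display_name_mismatch(raw):
    """Return (brand, sender_domain) if the display name claims a brand whose
    known domains do not include the sender's domain; otherwise None."""
    name, addr = parseaddr(message_from_string(raw).get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand, allowed in BRAND_DOMAINS.items():
        claimed = brand in name.lower()
        owned = any(domain == d or domain.endswith("." + d) for d in allowed)
        if claimed and not owned:
            return brand, domain
    return None

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, "auth_passed:", auth_passed(raw),
              "mismatch:", display_name_mismatch(raw))
```

A display name such as "VM Caller ID" names no brand with a known domain, so it needs a separate rule (for example, flagging voicemail-themed display names that arrive with attachments from external senders).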

About BleepingComputer

https://dailyaffiliatemarketingnews.com/chipotle-email-marketing-hacked-to-send-phishing-emails/
