Security News > 2021 > July > Chipotle’s marketing account hacked to send phishing emails

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links.
Over three days, the campaign sent at least 120 malicious emails from a hacked Mailgun account that Chipotle used for email marketing.
Almost all malicious emails impersonated Microsoft with the purpose of collecting login information.
Email security company Inky says in a blog post today that they caught 105 such emails in this three-day campaign.
The emails appeared to come from "Microsoft 365 Message center" and alerted the recipient to emails that could not be delivered "Due to low email storage" in the cloud.
Hacking an email marketing platform for phishing attacks was described earlier this year as an entry vector used by Nobelium, the state-sponsored threat actor blamed for the SolarWinds supply-chain attack.