Security News > 2021 > July > Chipotle’s marketing account hacked to send phishing emails
Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links.
The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes.
Almost all malicious emails impersonated Microsoft with the purpose of collecting login information.
Email security company Inky says in a blog post today that they caught 105 such emails in this three-day campaign.
The emails appeared to come from "Microsoft 365 Message center" and alerted the recipient of emails that could not be delivered "Due to low email storage" in the cloud.
Hacking an email marketing platform for phishing attacks has been described earlier this year as an entry vector used by Nobelium, the state-sponsored threat actor blamed for the Solarwinds supply-chain attack.
News URL
Related news
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishing emails delivering infostealers surge 84% (source)
- CoGUI phishing platform sent 580 million emails to steal credentials (source)
- Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails (source)