Security News > 2021 > August > Chipotle's Email Marketing Account Hacked to Spread Malware
All the malicious emails were sent via the Constant Contact mailing service using the compromised account of the United States Agency for International Development.
"Analysis of the email headers revealed that the messages originated from Mailgun servers and passed email authentication for chipotle[.]com," says Inky.
Of the 121 phishing emails detected, two were vishing attacks, 14 impersonated the USAA Bank, and 105 impersonated Microsoft.
The majority of the phishing emails impersonate Microsoft.
The clue to detecting this type of phishing email lies in the discrepancy between the sender's name, and the actual email sender.
The problem is that secure email gateways often rely on checking solely whether the sending domain is legitimate, and the email is coming from an approved range of IP addresses.