Proofpoint settings exploited to send millions of phishing emails daily (Security News, July 2024)
A massive phishing campaign dubbed "EchoSpoofing" exploited now-fixed, weak permissions in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies.
The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 million emails in early June.
The phishing emails were designed to steal sensitive personal information and incur unauthorized charges.
The attackers used Virtual Private Servers hosted by OVHCloud and Centrilogic to send those emails and used various domains registered through Namecheap.
The threat actors could pass SPF checks and send emails through Proofpoint's servers because of a very permissive SPF record configured on the domains by the email security service.
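To show why such a record passes spoofed mail, the following added example (not from the original article or from Proofpoint) evaluates SPF for a domain whose record includes a shared relay pool, and lists the shared includes a defender would want to review. The domain names, IP ranges, and the `SHARED_RELAYS` set are constructed assumptions, and only the `ip4`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed DNS TXT data: hypothetical names, documentation IP ranges.
ZONE = {
    "brand.example": "v=spf1 include:spf.relay.example -all",
    "spf.relay.example": "v=spf1 ip4:198.51.100.0/24 -all",  # pool shared by all relay customers
    "strict.example": "v=spf1 ip4:203.0.113.10 -all",
}
SHARED_RELAYS = {"spf.relay.example"}  # assumption: includes known to serve many tenants
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone=ZONE, depth=0):
    """Minimal SPF evaluation (ip4, include, all) of a sending IP for a domain."""
    record = zone.get(domain, "")
    if not record.startswith("v=spf1") or depth > 10:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            # An include matches only when the included record returns pass.
            matched = check_host(ip, mech[8:], zone, depth + 1) == "pass"
        else:
            continue  # other mechanisms are out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def shared_includes(domain, zone=ZONE, seen=None):
    """Return shared-relay includes reachable from the domain's SPF record."""
    seen = set() if seen is None else seen
    found = []
    for term in zone.get(domain, "").split()[1:]:
        mech = term.lstrip("+-~?")
        if mech.startswith("include:") and mech[8:] not in seen:
            target = mech[8:]
            seen.add(target)
            if target in SHARED_RELAYS:
                found.append(target)
            found += shared_includes(target, zone, seen)
    return found

if __name__ == "__main__":
    # SPF authorizes the relay's IP, not the customer who submitted the message.
    print(check_host("198.51.100.25", "brand.example"), shared_includes("brand.example"))
```

A `pass` here says only that the message left the shared pool, so which senders the relay itself accepts is the control that matters.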
The company introduced the 'X-OriginatorOrg' header to help verify the email source and filter out non-legitimate and unauthorized emails.