Proofpoint settings exploited to send millions of phishing emails daily
2024-07-29 13:51

A massive phishing campaign dubbed "EchoSpoofing" exploited now-fixed, weak permissions in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies.

The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 million emails in early June.

The phishing emails were designed to steal sensitive personal information and incur unauthorized charges.

The attackers used Virtual Private Servers hosted by OVHCloud and Centrilogic to send those emails and used various domains registered through Namecheap.

The threat actors could pass SPF checks and send emails through Proofpoint's servers due to a very permissive SPF record configured on domains by the email security services.

Proofpoint introduced the 'X-OriginatorOrg' header to help verify the email source and filter out non-legitimate and unauthorized emails.
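
An added example, not code from Proofpoint or the source article, showing why SPF passes for any mail leaving a shared relay range and how an X-OriginatorOrg allowlist at the relay filters it. The domains, IP ranges, allowlist, and the assumption that the header carries the originating organization's domain are constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Constructed sample data (documentation IP ranges, example domains); not real records.
SPF_RECORDS = {
    "brand.example": "v=spf1 include:spf.relay.example -all",
    "spf.relay.example": "v=spf1 ip4:192.0.2.0/24 -all",  # range shared by all relay customers
}
# Hypothetical per-domain allowlist of originating organizations, kept by the relay.
ALLOWED_ORIGINATORS = {"brand.example": {"brand.example"}}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, depth=0):
    """Recipient-side SPF over the ip4/include/all subset of RFC 7208."""
    record = SPF_RECORDS.get(domain)
    if record is None or depth > 10:  # no record, or include chain too deep
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            matched = spf_check(mech[8:], client_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue  # mechanisms outside this subset are ignored here
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def relay_allows(raw_message, mail_from_domain):
    """Relay-side filter: relay only if X-OriginatorOrg is allowlisted for the sender domain."""
    msg = message_from_string(raw_message)
    originator = (msg.get("X-OriginatorOrg") or "").strip().lower()
    return originator in ALLOWED_ORIGINATORS.get(mail_from_domain.lower(), set())


# Constructed messages: same claimed sender, different originating organization.
LEGIT = "From: news@brand.example\nX-OriginatorOrg: brand.example\n\nhello\n"
SPOOFED = "From: news@brand.example\nX-OriginatorOrg: other-tenant.example\n\nhello\n"
NO_HEADER = "From: news@brand.example\n\nhello\n"
```

SPF returns "pass" for every message that exits through 192.0.2.0/24 regardless of who submitted it, so only the relay-side header check separates LEGIT from SPOOFED and NO_HEADER.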


News URL

https://www.bleepingcomputer.com/news/security/proofpoint-settings-exploited-to-send-millions-of-phishing-emails-daily/

Related vendor

VENDOR       LAST 12M #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Proofpoint   9                     0     26       13     3          42