Security News > 2024 > July > Proofpoint settings exploited to send millions of phishing emails daily

A massive phishing campaign dubbed "EchoSpoofing" exploited now-fixed weak permissions in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola to target Fortune 100 companies.
The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 million emails in early June.
The phishing emails were designed to steal sensitive personal information and incur unauthorized charges.
The attackers used Virtual Private Servers hosted by OVHCloud and Centrilogic to send those emails and used various domains registered through Namecheap.
The threat actors could pass SPF checks and send emails through Proofpoint's servers due to a very permissive SPF record configured on domains by the email security services.
Proofpoint introduced the 'X-OriginatorOrg' header to help verify the email source and filter out non-legitimate and unauthorized emails.
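
The SPF weakness and the header check described above, as an added example (not code from Proofpoint or from the original report): a minimal SPF evaluator over constructed records shows why every message leaving a shared relay passes SPF for a domain that authorizes that relay, and why the filter then needs a second signal such as `X-OriginatorOrg`. The domains, addresses, tenant names, the `include:`-style record and the per-domain allowlist are assumptions made for illustration.

```python
import ipaddress

# Constructed records (example domains, documentation IP ranges), no DNS lookups.
SPF_RECORDS = {
    "brand.example": "v=spf1 include:relay.example ~all",  # customer domain
    "relay.example": "v=spf1 ip4:203.0.113.0/24 -all",     # shared relay pool
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, client_ip, depth=0):
    """Minimal SPF evaluation: only ip4, include and all are handled."""
    if depth > 10 or domain not in SPF_RECORDS:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in SPF_RECORDS[domain].split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            # include matches only when the included record yields "pass"
            matched = spf_check(mech[8:], client_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue  # mechanism outside this sketch's scope
        if matched:
            return RESULT[qualifier]
    return "neutral"

def relay_decision(mail_from_domain, client_ip, headers, allowed_orgs):
    """Accept only if SPF passes AND the originating org may use the domain.

    Assumption: X-OriginatorOrg is stamped by a trusted upstream hop and
    allowed_orgs is a per-domain allowlist kept by the filter.
    """
    spf = spf_check(mail_from_domain, client_ip)
    if spf != "pass":
        return "reject: spf=" + spf
    org = headers.get("X-OriginatorOrg", "").lower()
    if org not in allowed_orgs.get(mail_from_domain, set()):
        return "reject: spf=pass, originator not authorized"
    return "accept"

ALLOWED = {"brand.example": {"brand-tenant.example"}}
RELAY_IP = "203.0.113.25"  # any customer's mail leaves the relay from this pool
for org in ("brand-tenant.example", "other-tenant.example"):
    print(org, "->", relay_decision("brand.example", RELAY_IP, {"X-OriginatorOrg": org}, ALLOWED))
```

Both messages pass SPF because they leave from the same relay pool; only the originator check separates the authorized tenant from the other one.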