Security News > 2024 > July > Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
A huge phishing campaign exploited a security blind-spot in Proofpoint's email filtering systems to send an average of three million "Perfectly spoofed" messages a day purporting to be from Disney, IBM, Nike, Best Buy, and Coca-Cola - all of which are Proofpoint customers.
Guardio dubbed the campaign EchoSpoofing - because the spam was "Echoed" from email relay servers owned and operated by Proofpoint itself.
Proofpoint, which said it spotted the spam campaign in late March, conceded that miscreants abused "a small number" of its customers' Microsoft 365 accounts, and added: "This issue did not expose any Proofpoint customer data, and no customer experienced any data loss as a result."
The spammers abused an insecure-by-default Proofpoint email routing feature to send messages with valid SPF and DKIM signatures of top corporations via Proofpoint's email relays.
Crucially, Disney's setup, with its Proofpoint filtering, ensured that its outgoing mail via Proofpoint appeared to recipients as if it was coming officially from Disney with all the correct SPF and DKIM signatures added.
Why would Proofpoint allow such a thing to happen? Because its affected customers had each enabled Microsoft 365 integration with Proofpoint's filtering service but not locked down who exactly could send email via that product as them.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/30/scammers_spoofed_emails/
Related news
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)