Security News > 2024 > July > Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
A huge phishing campaign exploited a security blind-spot in Proofpoint's email filtering systems to send an average of three million "Perfectly spoofed" messages a day purporting to be from Disney, IBM, Nike, Best Buy, and Coca-Cola - all of which are Proofpoint customers.
Guardio dubbed the campaign EchoSpoofing - because the spam was "Echoed" from email relay servers owned and operated by Proofpoint itself.
Proofpoint, which said it spotted the spam campaign in late March, conceded that miscreants abused "a small number" of its customers' Microsoft 365 accounts, and added: "This issue did not expose any Proofpoint customer data, and no customer experienced any data loss as a result."
The spammers abused an insecure-by-default Proofpoint email routing feature to send messages with valid SPF and DKIM signatures of top corporations via Proofpoint's email relays.
Crucially, Disney's setup, with its Proofpoint filtering, ensured that its outgoing mail via Proofpoint appeared to recipients as if it was coming officially from Disney with all the correct SPF and DKIM signatures added.
Why would Proofpoint allow such a thing to happen? Because its affected customers had each enabled Microsoft 365 integration with Proofpoint's filtering service but not locked down who exactly could send email via that product as them.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/30/scammers_spoofed_emails/
Related news
- Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (source)
- Proofpoint settings exploited to send millions of phishing emails daily (source)
- Phishing emails abuse Windows search protocol to push malicious scripts (source)
- How to Spot a Phishing Email Attempt (source)