Proofpoint settings exploited to send millions of phishing emails daily

By Bill Toulas, Bleeping Computer

A massive phishing campaign dubbed "EchoSpoofing" exploited now-fixed, weak permissions in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies.


The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 million emails in early June.

The phishing emails were designed to steal sensitive personal information and incur unauthorized charges. They also included properly configured Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) signatures, making them appear authentic to the recipients.

Guardio Labs helped discover the phishing campaign and security gap in Proofpoint's email relay servers. In May 2024, they notified the firm and helped them fix it.


Comments

Popular posts from this blog

Ukraine targeted by DDoS attacks from compromised WordPress sites

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector

Microsoft Azure outage takes down services across North America