Phishing Attacks Carried out using Chipotle’s Marketing Account

Phishing-Threats
Share It On:

1st August 2021, Kathmandu

Customers’ payment card data was stolen by hackers using malware planted at the great majority of Chipotle Mexican Grill’s more than 2,000 locations, according to the restaurant business.

The email marketing account belonging to the American fast-food chain Chipotle Taco used its phishing campaign.  The attacker sends a phishing email to induce the target to click on a malicious link.

Almost all messages lead potential victims to credential collection sites masquerading as banking organizations and technology companies Microsoft services. Fortunately, there are very few phishing emails with malware attached.

 How did the Chipotle phishing attack happen?

 During a phishing operation, a hacked Mailgun account used by a US company for email marketing purposes sent more than 120 malicious emails.

Attacks can be successful with a real email address, especially if you have an automatic protection solution to verify that your email address passes Domain Key Recognized Mail (DKIM) authentication Methodology and sender policy framework. It is critical to understand that it is feasible.

 Most messages are Microsoft messages designed to collect login information from the recipient. In a blog post, email security company Inky stated that it has detected 105 such emails in the last three days of phishing operations.

Almost everyone has a Microsoft account. Logging in can provide you with all kinds of interesting data, including other login information, company secrets, financial details, and other intelligence. According to Bleeping Computer, the email appeared to be from the “Microsoft 365 Message Center” and notified the victim that an email could not be sent “due to insufficient email storage space in the cloud.”

 Therefore, when a user clicks a button that appears to “send a message to their inbox”, they are immediately redirected to a fake Microsoft login page that collects sensitive data. The attackers also disguised themselves as the United Service Automobile Association (USAA), a diversified Fortune 500 financial services group in San Antonio. Banking, investing, and investing in people who have worked or worked in the United States and family army.

The email security company did not disclose the threats provided, but the business email breach (BEC) scammers provided information theft programs to collect data that could be used for the social engineering part of the fraud.

Inky researchers stated that there is no indication that the latest phishing operation was carried out by the same threat actors.

It’s also unknown, at least to INKY, where the phishing assault originated. “Because these emails came through Mailgun servers, we have no idea who is behind this attack or where they are,” Alibe explained.

After “work anywhere, anytime” in 2020, many companies have felt the loss of employees working remotely, who often use unsecured personal devices owned by the company to access SaaS services. Organizations must incorporate anti-phishing and identity protection technologies into their security policies.


Share It On:

Recent Posts

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Share It On:21st November, Kathmandu Kumari Bank Limited has officially declared its intention to sell a substantial number of promoter

Up to NPR 150 Cashback on Nepal Telecom and Ncell Services with Namaste Pay

Up to NPR 150 Cashback on Nepal Telecom and Ncell

Share It On:21st November, Kathmandu Namaste Pay has unveiled an exciting new campaign to reward its users with cashback on

Ncell introduces innovative feature, enabling customers to convert voice to data or data to voice services

Ncell introduces innovative feature, enabling customers to convert voice to

Share It On:21st November, Kathmandu Ncell customers can enjoy an innovative feature that allows them to convert or exchange remaining

Genese Solution’s G-TEC: Empowering Women in Tech and Creating a Diverse Tech Workforce in Nepal

Genese Solution’s G-TEC: Empowering Women in Tech and Creating a

Share It On:21st November 2024, Kathmandu Genese Solution – a value IT consulting company, and Kageshwori Manohara municipality, have joined

Shikhar Insurance: Celebrating 20 Years of Service and Commitment to Nepali Customers

Shikhar Insurance: Celebrating 20 Years of Service and Commitment to

Share It On:21st November 2024, Kathmandu Shikhar Insurance had a grand celebration for their 20th Anniversary. On the occasion of

India’s Generative AI Startups: A Comprehensive Look at 2024’s Key Trends and Investments

India’s Generative AI Startups: A Comprehensive Look at 2024’s Key

Share It On:21st November 2024, Kathmandu As 2024 draws to a close, India’s generative AI ecosystem stands out as a