Phishing Attacks Carried out using Chipotle’s Marketing Account

Phishing-Threats
Share It On:

1st August 2021, Kathmandu

Customers’ payment card data was stolen by hackers using malware planted at the great majority of Chipotle Mexican Grill’s more than 2,000 locations, according to the restaurant business.

The email marketing account belonging to the American fast-food chain Chipotle Taco used its phishing campaign.  The attacker sends a phishing email to induce the target to click on a malicious link.

Almost all messages lead potential victims to credential collection sites masquerading as banking organizations and technology companies Microsoft services. Fortunately, there are very few phishing emails with malware attached.

 How did the Chipotle phishing attack happen?

 During a phishing operation, a hacked Mailgun account used by a US company for email marketing purposes sent more than 120 malicious emails.

Attacks can be successful with a real email address, especially if you have an automatic protection solution to verify that your email address passes Domain Key Recognized Mail (DKIM) authentication Methodology and sender policy framework. It is critical to understand that it is feasible.

 Most messages are Microsoft messages designed to collect login information from the recipient. In a blog post, email security company Inky stated that it has detected 105 such emails in the last three days of phishing operations.

Almost everyone has a Microsoft account. Logging in can provide you with all kinds of interesting data, including other login information, company secrets, financial details, and other intelligence. According to Bleeping Computer, the email appeared to be from the “Microsoft 365 Message Center” and notified the victim that an email could not be sent “due to insufficient email storage space in the cloud.”

 Therefore, when a user clicks a button that appears to “send a message to their inbox”, they are immediately redirected to a fake Microsoft login page that collects sensitive data. The attackers also disguised themselves as the United Service Automobile Association (USAA), a diversified Fortune 500 financial services group in San Antonio. Banking, investing, and investing in people who have worked or worked in the United States and family army.

The email security company did not disclose the threats provided, but the business email breach (BEC) scammers provided information theft programs to collect data that could be used for the social engineering part of the fraud.

Inky researchers stated that there is no indication that the latest phishing operation was carried out by the same threat actors.

It’s also unknown, at least to INKY, where the phishing assault originated. “Because these emails came through Mailgun servers, we have no idea who is behind this attack or where they are,” Alibe explained.

After “work anywhere, anytime” in 2020, many companies have felt the loss of employees working remotely, who often use unsecured personal devices owned by the company to access SaaS services. Organizations must incorporate anti-phishing and identity protection technologies into their security policies.


Share It On:

Recent Posts

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet Dialogue

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet

Share It On:21st December 2024, Kathmandu A high-level dialogue on child online protection organized by UNICEF, in partnership with ChildSafeNet,

Support Your NPL Team With Ncell’s Exclusive PRBTs

Support Your NPL Team With Ncell’s Exclusive PRBTs

Share It On:20th December 2024, Kathmandu As the finale of the Nepal Premier League (NPL), the ‘Festival of the Himalayas,’

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Share It On: 20th December 2024, Kathmandu Garima Bikas Bank has announced its decision to offer a cash dividend to

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital Payment Users

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital

Share It On: 20th December 2024, kathmandu Citizens Bank International Limited has formed a strategic partnership with SM Dental and

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access to Assistance

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access

Share It On: 20th December 2024, kathmandu Nabil Bank Limited has rolled out a new initiative to improve customer support

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with Low Balance

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with

Share It On:20th December 2024, kathmandu  Ncell has started to provide Unlimited Data as Saapati, enabling customers to stay online