Proofpoint email filter flaw exploited to send out millions of phishing messages

Phishing emails “perfectly” spoofed likes of Disney, Nike and more

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals found a way to send millions of “perfectly spoofed” phishing emails thanks to a vulnerability in Proofpoint’s email relay servers.

Experts fromGuardio Labsrevealed the phishing campaign started in January 2024, and was sending out an average of three million emails daily. In early June, it peaked with 14 million emails being disseminated.

The researchers dubbed the campaign “EchoSpoofing”, noting the crooks were able to get their phishing emails properly DKIM signed, and SPF approved. What tipped researchers off, though, was that all of the emails were dispatched from one specific family of relay servers - pphosted.com - which is owned and operated by the email security vendor Proofpoint.

Bypassing spam filters

To the recipient, the email looks as if it is coming from a legitimate business. The businesses being spoofed here all seem to be Proofpoint’s customers, mostly Fortune 100 companies. These include Disney, IBM, Nike, Best Buy, and Coca-Cola, to name a few.

“These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive recipients and steal funds and credit card details,” the researchers concluded.

Guardio Labs said that all majoremail platforms, including Gmail, failed to flag these emails as spam, and instead allowed them straight into people’s inboxes. The emails scared the victims with fake account expirations, payment and renewal requests, and similar, all with the goal of harvestingpaymentandpersonally identifiable information.

Proofpoint said it had been keeping an eye on the EchoSpoofing campaign since March 2024, and that it provided new settings, and advice, on how to prevent such attacks in the future. The company provided a detailed guide on how users can add anti-spoof checks, and more.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Quordle today – hints and answers for Friday, November 8 (game #1019)