Email Routing Flaw in Proofpoint System Used to Send Large Amounts of Fake Phishing Emails

Published:

spot_img

Massive Scam Campaign Exploiting Email Security Vendor Proofpoint’s Defenses Detected

Cybersecurity researchers have uncovered a massive scam campaign dubbed EchoSpoofing, where threat actors exploited an email routing misconfiguration in Proofpoint’s defenses to send millions of phishing emails spoofing popular companies like Best Buy, IBM, and Nike. This campaign, which began in January 2024, saw the threat actor sending up to three million emails per day on average, peaking at 14 million in June.

The unique aspect of EchoSpoofing is the sophisticated spoofing method used, making it difficult to differentiate the phishing emails from genuine ones. The threat actor leveraged SPF and DKIM authentication measures to bypass security protections, deceiving recipients and attempting to steal funds and credit card details.

Furthermore, the messages were routed through adversary-controlled Microsoft 365 tenants before being relayed through Proofpoint’s servers to reach users of free email providers like Yahoo!, Gmail, and GMX. This exploit highlighted a super-permissive misconfiguration flaw in Proofpoint servers, allowing spammers to abuse the email infrastructure.

Notably, the campaign was designed to generate illegal revenue while avoiding detection, as targeting companies directly could have increased the risk of exposure. Proofpoint has taken steps to address the issue, emphasizing that no customer data was exposed. The company is urging VPS providers and email service providers to implement measures to prevent similar attacks in the future.

As cybersecurity threats continue to evolve, organizations are advised to review their cloud infrastructure security and maintain control over third-party services to prevent such malicious activities. Additionally, service providers are encouraged to proactively identify and mitigate potential threats to safeguard both their customers and the wider public.

spot_img

Related articles

Recent articles

Chandigarh Cyber Crime Unit Investigates ₹2.26 Lakh Phishing Scam Targeting Senior Citizens Through Cloned Service Calls

Chandigarh Cyber Crime Unit Investigates ₹2.26 Lakh Phishing Scam Targeting Senior Citizens Through Cloned Service Calls The Chandigarh Cyber Crime Police Station in Sector 17...

Ajman Department of Tourism, Culture and Media Strengthens Global Presence with New Representative Office in China

Ajman Department of Tourism, Culture and Media Strengthens Global Presence with New Representative Office in China In a strategic move to enhance its global tourism...

Smart Cities Advance as Integration Elevates Security Stakes in the GCC

Smart Cities Advance as Integration Elevates Security Stakes in the GCC The term "smart cities" has evolved from a buzzword often found in conference presentations...

iPhone 18 Pro Blueprints Leaked in Major Ransomware Attack; SK Hynix Initiates U.S. IPO Process

iPhone 18 Pro Blueprints Leaked in Major Ransomware Attack; SK Hynix Initiates U.S. IPO Process The onset of the second half of 2026 has unveiled...