Proofpoint Bug Allowed Scammers to Pose as Major Brands, Send Phishing Emails


‘EchoSpoofing’ targeted vulnerabilities in Proofpoint's Secure Email Relay solution to pose as companies like Disney, IBM, Nike, and Best Buy and send their customers legit-looking emails.

"It can be easily converted from large-scale phishing to a boutique spear-phishing campaign where an attacker can swiftly take any real company team member identity and send emails to other co-workers," says Nati Tal, the author of the report and head of Guardio Labs. Since it became aware of the flaw in March 2024, Proofpoint adjusted its Admin panel to improve the default configuration process via alerts and by "clearly describ[ing] the potential risks, allowing customers to approve tenants and easily monitor for any signs of misuse," Guardio Labs says. The Guardio Labs report also notes that "with 'EchoSpoofing,' the technical challenge lies in enhancing an old, insecure protocol like SMTP, which suffers from fragmentation and inconsistent implementation across different vendors."
