Cyber Experts Oon Breaking MailChimp Crypto Phishing Scam!

By   ISBuzz Team
Writer , Information Security Buzz | Apr 07, 2022 03:56 am PST

Hackers are causing havoc again, by breaching MailChimp email marketing firm to launch crypto-based phishing scams. As email (BEC) has always been the main vector for phishing, this is a major cause for serious concern.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jack Chapman
Jack Chapman , VP of Threat Intelligence
April 7, 2022 11:56 am

This is a sophisticated attack which utilized social engineering to steal the credentials of Mailchimp employees. The threat actors then exploited compromised accounts to carry out a further attack on Trezor users.

We would urge all users of Mailchimp and Trezor to ensure that they’re using two-factor authentication to secure their accounts, and to be vigilant for follow-up phishing attacks, as we don’t know who may have access to their data.

This attack, like the recent attacks on Globant, Samsung and NVIDIA, should also stand as a warning to other organizations, particularly those who, like Mailchimp, process vast amounts of user data. It’s crucial that security teams take targeted steps to prevent attackers gaining entry via social engineering – they must go beyond security awareness training and tick-box exercises, implementing technology to act as a safeguard so that their people can carry out their roles without fear of falling for an attack.

Last edited 1 year ago by Jack Chapman
David Mahdi
David Mahdi , Ex-Gartner Analyst and CSO
April 7, 2022 11:54 am

Recent incidents of breaches illustrate that criminals are getting smarter and can still gain results from older, proven attack vectors. In case of a phishing attack, it is no longer enough to watch out for crudely worded emails – recipients must also consider context, content and sender, particularly if financial transactions are involved. There are all kinds of malware that can get into your system through downloads or straight hacking.

Virtually every single business relies upon email as a fundamental form of communication and ironically, it is scarily easy to manipulate and falsify business emails in myriad ways. Cyber-criminals are aware of companies’ reliance on them and are perpetrating a variety of attacks to profit from it. Businesses should be aware that cyber criminals’ overarching strategy might rely on several separate malicious deployments, many based themselves on email, including malware that allows access to confidential information and credential-stealing and huge financial implications.

Last edited 1 year ago by David Mahdi

Recent Posts

Would love your thoughts, please comment.x