Cyber Experts Oon Breaking MailChimp Crypto Phishing Scam!

Hackers are causing havoc again, by breaching MailChimp email marketing firm to launch crypto-based phishing scams. As email (BEC) has always been the main vector for phishing, this is a major cause for serious concern.

Experts Comments

April 07, 2022
David Mahdi
Ex-Gartner Analyst and CSO
Sectigo

Recent incidents of breaches illustrate that criminals are getting smarter and can still gain results from older, proven attack vectors. In case of a phishing attack, it is no longer enough to watch out for crudely worded emails - recipients must also consider context, content and sender, particularly if financial transactions are involved. There are all kinds of malware that can get into your system through downloads or straight hacking.

Virtually every single business relies upon email as a

.....Read More

Recent incidents of breaches illustrate that criminals are getting smarter and can still gain results from older, proven attack vectors. In case of a phishing attack, it is no longer enough to watch out for crudely worded emails - recipients must also consider context, content and sender, particularly if financial transactions are involved. There are all kinds of malware that can get into your system through downloads or straight hacking.

Virtually every single business relies upon email as a fundamental form of communication and ironically, it is scarily easy to manipulate and falsify business emails in myriad ways. Cyber-criminals are aware of companies’ reliance on them and are perpetrating a variety of attacks to profit from it. Businesses should be aware that cyber criminals’ overarching strategy might rely on several separate malicious deployments, many based themselves on email, including malware that allows access to confidential information and credential-stealing and huge financial implications.

  Read Less
April 07, 2022
Jack Chapman
VP of Threat Intelligence
Egress

This is a sophisticated attack which utilized social engineering to steal the credentials of Mailchimp employees. The threat actors then exploited compromised accounts to carry out a further attack on Trezor users.

We would urge all users of Mailchimp and Trezor to ensure that they’re using two-factor authentication to secure their accounts, and to be vigilant for follow-up phishing attacks, as we don’t know who may have access to their data.

This attack, like the recent attacks on Globant,

.....Read More

This is a sophisticated attack which utilized social engineering to steal the credentials of Mailchimp employees. The threat actors then exploited compromised accounts to carry out a further attack on Trezor users.

We would urge all users of Mailchimp and Trezor to ensure that they’re using two-factor authentication to secure their accounts, and to be vigilant for follow-up phishing attacks, as we don’t know who may have access to their data.

This attack, like the recent attacks on Globant, Samsung and NVIDIA, should also stand as a warning to other organizations, particularly those who, like Mailchimp, process vast amounts of user data. It’s crucial that security teams take targeted steps to prevent attackers gaining entry via social engineering – they must go beyond security awareness training and tick-box exercises, implementing technology to act as a safeguard so that their people can carry out their roles without fear of falling for an attack.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.