"Chipotle Emails Serve Up Phishing Lures"

Researchers at Inky have found that a breach of Chipotle's email marketing service last month lead to customers being served phishing lures and malicious links that redirected to credential harvesting sites.  Chipotle's email vendor Mailgun was breached, allowing threat actors to commandeer the company's email marketing efforts.  The researchers found that 121 phishing emails were sent from the compromised Chipotle Mailgun account between July 13th and July 16th. Those attacks included two vishing attacks (using malicious voicemail message attachments), 14 impersonated USAA bank to harvest financial data, and the remaining 105 emails attempted to redirect users to a spoofed Microsoft site that attempted to steal credentials.  The researchers stated that the attacks leveraging Chipotle's breached Mailgun account are similar to Nobelium's attack on an email marketing service in May 2021. The researchers noted that they have no evidence to suggest the same actors are involved in these attacks and that it appears the adversaries are just copying the successful attack vector used by Nobelium.  Inky is still investigating the attacks.  
 

Threatpost reports: "Chipotle Emails Serve Up Phishing Lures"