
Chipotle’s marketing email hacked to send phishing emails

Over 120 emails attempted to steal login credentials from victims


Hackers have abused an email account linked to the Chipotle restaurant chain to send phishing emails to unsuspecting victims.

According to cyber security company Inky, between July 13 and 16 this year, researchers detected 121 phishing emails in a similar attack that originated from a compromised Mailgun email marketing account used by the chain.

It said that of those 121 attacks, two were fake voicemail notifications with malware attachments (also known as vishing), 14 impersonated USAA Bank and had mail.company[.]com links that redirected to a malicious USAA Bank credential-harvesting site, and the other 105 impersonated Microsoft and had mail.company[.]com links that redirected to a malicious Microsoft credential-harvesting site.

Researchers said the bulk of the attacks impersonate Microsoft. The giant software company is often the subject of impersonations because Microsoft credentials are highly valuable.

“Almost everyone has a Microsoft account, and logins there can lead to all kinds of interesting data, including other logins, trade secrets, financial details, and other intelligence,” said researchers.

Researchers said the attacks were highly effective because all phishing emails came from an authentic Mailgun IP address (166.78.68.204), passed email authentication (SPF and DKIM) for company[.]com, and used high reputation mail.company[.]com URLs as redirectors to malicious sites.
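The following sketch is an added example, not code from Inky or from the original article. It shows why a passing SPF/DKIM result is not enough on its own: the check compares the brand claimed in the From display name against the domain that actually authenticated. The brand-to-domain table, the `company.example` sender and the function names are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Brands named in the article; the legitimate-domain lists are assumptions.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "usaa": {"usaa.com"},
}

# Constructed sample message; company.example stands in for the compromised sender.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.company.example; dkim=pass header.d=company.example
From: "Microsoft 365 Message Center" <noreply@company.example>
To: user@recipient.example
Subject: Password expiry notice
Content-Type: text/plain

Keep your current password: https://mail.company.example/c/abc123
"""

def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'pass'} from Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def brand_mismatch(msg):
    """Return the brand claimed in the display name if the From domain is not that brand's."""
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", display, re.I):
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                return brand
    return None

def assess(raw):
    """Combine the authentication verdict with the display-name brand check."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = auth_results(msg)
    brand = brand_mismatch(msg)
    return {"authenticated": auth.get("spf") == "pass" and auth.get("dkim") == "pass",
            "impersonated_brand": brand, "suspicious": brand is not None}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The sample message is fully authenticated for the sending domain yet is still flagged, because the authenticated domain does not belong to the brand named in the display name.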

Niamh Muldoon, Global Data Protection Officer at OneLogin, told ITPro that she predicted we might hear more about these types of breach disclosures as well as privacy-related fines being imposed on companies contracting marketing platform providers.

“Oftentimes the data is left within these platforms with sites left on the internet after marketing or conference events, and security monitoring as well as alerting is not in place, making them easy targets for attack,” she said.

“We all know these platforms process and store data that is in demand (contact details) and therefore, easily sold on dark web and/or to sales teams. How many times have you received an email asking you if you were interested in buying a leads list? This is likely just one of many cases we’ll hear this year of marketing accounts being hacked.”

Jamie Akhtar, CEO and co-founder of CyberSmart, told ITPro that hackers are often quick to adapt their strategies to increase their chances of success. As is the case here with Chipotle, cyber criminals have recognized that sending emails from a legitimate address can go a long way in deceiving individuals. 

“Unfortunately, phishing attempts have become so sophisticated that our general advice for spotting suspicious emails may be becoming outdated. Security awareness training remains pivotal but greater emphasis should be placed not solely on spotting these emails but also reporting them so that we may collectively learn the latest tactics of these hackers and prevent others from getting caught up in it,” he said.
