According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor Maligun was breached. This breach allowed threat actors to take over the company’s email marketing efforts. Therefore, the emails were very convincing and seemed to come from Chipotle. Inky released a report detailing the breach and subsequent phishing attempt last Friday.
Inky reportedly found 121 phishing emails sent from the compromised account, delivered to users between July 13 and July 16. The attacks included two vishing attacks, in which malicious voicemail message attachments were delivered, 14 impersonated USAA bank emails to harvest financial data, and 105 attempts to redirect users to a spoofed Microsoft site that would also harvest victims’ credentials. The attacks have similarities to others conducted by threat group Nobelium, which has been credited with the SolarWinds attack on the US government.
Read More: Chipotle Emails Serve Up Phishing Lures