Proofpoint's analysis of 25 official FIFA World Cup partner domains revealed that 36% lack strong Domain-based Message Authentication, Reporting and Conformance (DMARC) protections.
These phishing emails often state that a user's storage limit has been exceeded or their account is blocked, threatening the permanent erasure of photos and videos by a specific date.
Attackers are leveraging n8n's webhook functionality, which exposes unique URLs on the *.app.n8n.cloud subdomain, to initiate workflows when triggered by incoming data.
Proofpoint's research highlights how threat actors leverage automated inbox rules, designed for legitimate organization, to hide security alerts, forward sensitive data, and mark messages as read.