Email security

The spam campaign involves attackers exploiting Zendesk ticket submission forms to send emails to vast lists of addresses.

The campaign utilizes a wide range of randomly generated domains and subject lines designed to instill urgency, often personalizing messages with recipient names and specific dates.

The attack uses seemingly benign attachments and trusted cloud infrastructure to evade detection.

Why our reactive-based security system based on somebody getting hit no longer works in the AI era.

These deceptive emails, originating from seemingly legitimate OpenAI accounts, aim to trick recipients into clicking malicious links or calling fraudulent numbers.

The vulnerability resides in SmarterMail's APT unauthenticated ForceResetPassword API endpoint.

The attackers likely initiated access using previously compromised email addresses, sending phishing emails containing a SharePoint URL disguised with subjects like "New Proposal - NDA," according to Microsoft.

Attackers are abusing Zendesk instances that allow unverified users to submit support tickets.