Guardio Labs exposes 'EchoSpoofing,' a critical flaw in Proofpoint's email system allowing massive phishing attacks using trusted brands

Guardio's platform is a resource for cybersecurity professionals and internet users, offering insights into online security threats, malware protection, and data privacy. Through articles, security alerts, and educational resources, Guardio offers insights into common cybersecurity risks, security best practices, and digital hygiene habits. Readers can learn about protecting their devices from malware, securing their online accounts, and staying safe while browsing the internet to mitigate cyber threats and safeguard their personal information.

Guardio

Guardio Labs discovered a phishing campaign exploiting Proofpoint’s email protection to send millions of perfectly spoofed emails from major brands like Disney, IBM, and Nike. The attack bypassed security by leveraging authenticated SPF and DKIM signatures, deceiving recipients and stealing sensitive information. The campaign traced back to vulnerabilities in the email relay configuration of Proofpoint's servers and Office365 accounts. Proofpoint and Guardio collaborated to mitigate the issue, emphasizing the need for vigilant and proactive security measures.

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails

Proofpoint’s Relay Servers as the Enabler

Injecting Spoofed Headers with Email Relaying

A Permissive Configuration Turned Detrimental

Finalizing the Email Flow with Connectors

The Powerful Backend Behind the Operation

Disclosure and Cooperation with Proofpoint