Quote:Customers who signed up for emails from fast-food chain Chipotle Mexican Grill were recently faced with bigger challenges than queso versus sour cream. A breach of the restaurant’s email marketing service last month lead to customers being served phishing lures and malicious links that redirected to credential harvesting sites.
Researchers at Inky reported that Chipotle’s email vendor Mailgun was breached, allowing threat actors to commandeer the company’s email marketing efforts.
Mailgun has not responded to Threatpost’s request for comment.
The Inky report, posted Friday, found 121 phishing emails sent from the compromised Chipotle Mailgun account sent between July 13 and July 16. Those attacks included two vishing attacks (using malicious voicemail message attachments), 14 impersonated USAA bank to harvest financial data and the remaining 105 emails attempted to redirect users to a spoofed Microsoft site that attempted to steal credentials.
Read more: Chipotle Emails Serve Up Phishing Lures | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
