Beware of phishing emails coming from reputable sources
We live in a time where scammers constantly send phishing emails trying to deceive you and rob you of your money. But these emails often come from sketchy sources, so if you pay attention, you will understand that the email is a phishing attempt.
But now, you should also keep an eye out for phishing emails that truly come from legitimate sources. Mailchimp, an email marketing platform that mediates between you and other companies by sending you emails on their behalf, has recently been hacked. As first reported by BleepingComputer, hackers used an internal Mailchimp tool to steal data from over 100 of the company's clients.
According to Mailchimp, the compromised clients were cryptocurrency services and financial institutions. Hackers gained access to Application Programming Interface (API) keys, which enable Mailchimp clients to create and manage their own email campaigns. Hackers used the stolen data for phishing attacks, sending emails to the customers of these companies. Mailchimp stated that these API keys are now blocked.
Mailchimp's CISO, Siobhan Smyth, said in a statement, "We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents."
But now, you should also keep an eye out for phishing emails that truly come from legitimate sources. Mailchimp, an email marketing platform that mediates between you and other companies by sending you emails on their behalf, has recently been hacked. As first reported by BleepingComputer, hackers used an internal Mailchimp tool to steal data from over 100 of the company's clients.
Although Mailchimp did not specify which companies were targeted by the hack, one company is known to have been affected. Many users of Trezor, a company providing hardware cryptocurrency wallets, have received phishing emails claiming that Trezor has suffered a data breach. The emails tried to deceive the Trezor clients into resetting their hardware wallet PINs by downloading malicious software that would steal their stored cryptocurrency.
Mailchimp's CISO, Siobhan Smyth, said in a statement, "We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents."
Things that are NOT allowed: