InfoSecBulletin Cybersecurity for mankind
A scam campaign linked to an unknown threat actor is using an email routing misconfiguration in Proofpoint’s defenses to send millions of fake emails pretending to be from companies like Best Buy, IBM, Nike, and Walt Disney. Guardio Labs named the campaign EchoSpoofing.
It started in January 2024. The threat actor took advantage of a loophole and sent around three million emails per day on average. In early June, the number of emails reached a peak of 14 million as the company Proofpoint started to take action against it.
HPE alerts of hardcoded passwords in Aruba access points
Akira Ransomware Allegedly Compromise 12 Companies in 72 Hours
Singapore urgently engage military force to tackle ‘serious’ cyberattack
Hackers infect 10M Androids with BADBOX 2.0
Oracle Patched 200 Vulns With July 2025 CPU
Ivanti Zero-Days Exploited to Drop MDifyLoader
CISA added Fortinet FortiWeb vul to KEV catalog
Adoption Agency Exposes One Million+ Records
CVE-2025-20337
Patch Now! Cisco ISE bug allows pre-auth command execution
BD Bank Honours PABC Officials for Foiling $20 Million Cyber Fraud Attempt
The Hacker News reported “These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive recipients and steal funds and credit card details,”.
“The most unique and powerful part of this domain is the spoofing method – leaving almost no chance to realize this is not a genuine email sent from those companies,” Guardio Labs researcher Nati Tal told.
“This EchoSpoofing concept is really powerful. It’s kind of strange it is being used for large-scale phishing like this instead of a boutique spear-phishing campaign – where an attacker can swiftly take any real company team member’s identity and send emails to other co-workers – eventually, through high-quality social engineering, get access to internal data or credentials and even compromise the entire company.
The technique utilizes an SMTP server on a virtual private server (VPS) to send messages, ensuring compliance with authentication and security measures like SPF and DKIM. Click here to read the full report.
