
Attackers Exploit Misconfigured Email Routing for Internal Spoofed Phishing
According to a report by Security Affairs, cybercriminals are exploiting misconfigured email routing and weak anti-spoofing protections to run phishing campaigns whose messages appear to come from the targeted organisation's own internal domain. Because the mail carries an internal sender address, it gets past the domain-spoofing defences that would normally catch an external impersonation, and recipients are far more likely to trust it, which is why the campaigns succeed at such a high rate.

The campaigns are run through Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA. Their immediate goal is credential theft; the stolen credentials are then used to carry out Business Email Compromise (BEC) attacks. The summary gives no victim count or timeline, but the reliance on PhaaS platforms is part of a wider trend: phishing is increasingly bought as a commodity rather than built by the attacker.

The recommended mitigation is to review and correct email routing configurations and to make sure the anti-spoofing mechanisms (SPF, DKIM and DMARC) are both published and actually enforced. Two practical checks follow from that: a DMARC policy of p=none only reports failures and blocks nothing, and inbound mail arriving from outside the organisation but claiming an internal From: address must not be routed past the gateway's authentication checks. For the full details, refer to the original article published by Security Affairs.
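The checks described above, as an added example that is not code from the Security Affairs report or from this page: the first two functions audit a domain's published SPF and DMARC records for settings that leave spoofing of the organisation's own domain unblocked, and the third applies the gateway-side rule that a message whose From: domain is ours, but which did not pass authentication at our own gateway, is held. The domain example.com, the gateway authserv-id mx.example.com, the DNS records and the inbound message are all constructed for the example; in practice the records would come from a TXT lookup and the message from the gateway's quarantine feed.

```python
"""Added example (not from the Security Affairs report or this page):
audit SPF/DMARC records for settings that leave internal-domain spoofing
unblocked, and flag inbound mail that claims our domain but failed
authentication at our own gateway.  All records, host names and messages
below are constructed for the example."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample records for the hypothetical domain example.com.
SPF_WEAK = "v=spf1 include:_spf.example.net ~all"
SPF_OK = "v=spf1 include:_spf.example.net -all"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_OK = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict (tags lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt):
    """Findings that mean a spoofed From: <our domain> would not be rejected."""
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none: failures are reported, not blocked")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC p= missing or unknown: receivers ignore the record")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"DMARC pct={pct}: policy applied to a sample of mail only")
    if tags.get("sp", "").lower() == "none":
        findings.append("DMARC sp=none: subdomains are not protected")
    return findings


def audit_spf(txt):
    """Findings for an SPF record that lets unlisted hosts send as the domain."""
    if not txt.lower().startswith("v=spf1"):
        return ["no valid SPF record"]
    all_terms = [t for t in txt.split()[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        return ["SPF has no 'all' mechanism: unlisted senders get a neutral result"]
    # An 'all' with no qualifier means '+all' (RFC 7208).
    qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
    if qualifier == "+":
        return ["SPF +all: every host on the Internet may send as the domain"]
    if qualifier == "?":
        return ["SPF ?all: neutral result, SPF never fails"]
    if qualifier == "~":
        return ["SPF ~all: softfail only; relies on DMARC enforcement to block"]
    return []


def flag_internal_spoof(raw_message, internal_domain, gateway_id):
    """Reasons to hold a message whose From: domain is our own.

    Only the Authentication-Results header stamped by our gateway (matched on
    its authserv-id) is trusted; a copy an attacker injected upstream under a
    different authserv-id is ignored rather than believed.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != internal_domain.lower():
        return []  # external sender: ordinary inbound handling applies
    ours = [h for h in msg.get_all("Authentication-Results", [])
            if (h.strip().split(";", 1)[0].split() or [""])[0].lower()
            == gateway_id.lower()]
    if not ours:
        return ["no Authentication-Results stamped by our gateway"]
    reasons = []
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", ours[0], re.IGNORECASE)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            reasons.append(f"{mech}={result}")
    return reasons


# Constructed inbound message: From: claims our domain, but our gateway
# recorded SPF and DMARC failures and found no DKIM signature.
SPOOFED = """From: "IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Password expiry notice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Your password expires today. Sign in at the link below to keep access.
"""

if __name__ == "__main__":
    print(audit_spf(SPF_WEAK), audit_dmarc(DMARC_WEAK))
    print(flag_internal_spoof(SPOOFED, "example.com", "mx.example.com"))
```

The record audit is deliberately strict about p=none and pct<100, since either one means a receiver that honours DMARC will still deliver a spoofed message. The message check keys on the gateway's own authserv-id for the same reason the report gives: once routing lets a message bypass the gateway, any Authentication-Results it carries were written by someone else.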