top of page

CRM Platforms and Bulk Email Providers on High Alert for new Phishing Threat

  • Writer: Greg Meyers
    Greg Meyers
  • Apr 7
  • 2 min read

A sophisticated and very dangerous phishing campaign entitled PoisonSeed has recently emerged, targeting Customer Relationship Management (CRM) platforms and bulk email service providers. The primary objective of PoisonSeed is to exploit these platforms to disseminate phishing emails aimed at compromising cryptocurrency wallets. Notable targets include services such as Mailchimp, HubSpot, Zoho, SendGrid, and Mailgun. In essence, PoisonSeed is centered specifically on cryptocurrency theft through phishing. So how does this attack work? Let's discuss....


Step-by-Step details on how PoinsonSeed works


  • Creation of Deceptive Phishing Pages: Attackers design phishing pages that closely resemble the login portals of targeted CRM and email platforms. These counterfeit pages are crafted to deceive users into entering their credentials. 

  • Credential Theft and Unauthorized Access: When users input their login information into these fraudulent pages, attackers capture these credentials, gaining unauthorized access to the victims' accounts.

  • Data Exfiltration and Persistence: Upon accessing the compromised accounts, attackers export valuable data, such as email lists, and generate new API keys. This ensures continued access even if the original credentials are changed.

  • Distribution of Phishing Emails: Utilizing the compromised accounts, attackers send bulk phishing emails. These emails often contain urgent messages, such as notifications about "restricted sending privileges" or prompts related to cryptocurrency wallet migrations.

  • Seed Phrase Poisoning: A distinctive tactic involves providing victims with a seed phrase under the pretense of setting up a new cryptocurrency wallet, such as a Coinbase Wallet. If victims use this seed phrase, attackers can later access and drain funds from the wallet. 


How can companies defend themselves against PoisonSeed?


  • Vigilance Against Phishing Attempts: Exercise caution with unsolicited emails, especially those requesting credential input or containing seed phrases.

  • Verification of Communications: Confirm the legitimacy of communications by directly contacting the service provider through official channels.​

  • Regular Monitoring of Accounts: Regularly review account activities for any unauthorized actions and respond promptly to anomalies.​

  • Employee Training: Educate employees about recognizing phishing attempts and the importance of safeguarding login credentials.​

  • Implementation of Multi-Factor Authentication (MFA): Strengthen account security by requiring multiple forms of verification for access.​


By adopting these proactive measures, the risks associated with campaigns like PoisonSeed can be significantly mitigated.

 
 
 

Comments

bottom of page