Mailer Lite, a digital marketing platform, was recently targeted by a phishing attack, resulting in a financial loss of more than $600,000.
The attackers used a vulnerability in Mailer Lite’s system to impersonate Web3 organizations and send deceptive emails containing malicious links.
Blockaid, a Web3 security and privacy firm, revealed the complex details of the attack. The perpetrators used a vulnerability in Mailer Lite’s infrastructure to create emails that appeared to be from various Web3 entities.
Mailer Lite had previously been granted permission to send emails on behalf of these organizations, allowing for potential exploitation.
The attackers used a technique known as “dangling DNS” records, which were linked to Mailer Lite by the affected web3 companies. Even though these organizations closed their accounts, the DNS records remained active.
This oversight enabled the attackers to claim and impersonate these accounts, carrying out their malicious activities.
The attackers used deceptive emails that looked like legitimate communications from reputable Web3 organizations.
These fraudulent emails included links to malicious websites intended to drain recipients’ digital wallets. Using pre-existing DNS records associated with Mailer Lite, the attackers created the illusion of authenticity, increasing the credibility of their phishing scheme.
The phishing attack had serious financial consequences for Mailer Lite, with losses exceeding $600,000. Victims of the malicious emails suffered financial losses as their digital wallets were drained.
When Mailer Lite discovered the attack, it immediately launched an investigation and addressed the exploited vulnerability.
The company works with law enforcement agencies to identify and apprehend the perpetrators. Furthermore, Mailer Lite is collaborating closely with affected Web3 organizations to correct the situation and limit further damage.