Attackers have been actively exploiting a flaw in Rackspace’s hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams.
So warns 7 Elements, an IT security testing consultancy based in Edinburgh, Scotland, which says that attackers have been using what it’s dubbed as an “SMTP Multipass” attack – SMTP refers to simple mail transfer protocol – since it’s designed to subvert multiple accounts and bypass DNS-based defenses against spoofed emails. All organizations that use Rackspace’s hosted email services appear to have been vulnerable to having their email domains get misused in this manner.