Cloud Security, Phishing

Phishing attacks prompt Monday.com feature takedown

Share
A computer screen displays a digital alert of an email phishing threat, accompanied by a striking red warning sign.

BleepingComputer reports that widely used cloud-based project management platform Monday.com had its "Share Update" feature removed following its exploitation to facilitate the delivery of phishing emails from its email accounts disclosed by its customers earlier this week.

Intrusions misusing the Share Update functionality involved attackers purporting to be from "Human Resources" who leveraged the "[email protected]" email address to send messages seeking feedback for this year's employee evaluation or an acknowledgment of organizational "workplace sex policy," which include links redirecting to formstack.com-hosted phishing forms. Attackers were able to leverage Share Update by providing a list of email addresses which would receive notifications, according to Monday.com, which has already suspended the user behind the exploitation.

"This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message," noted a Monday.com spokesperson.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.