Cloudflare phishing emails through official sender

What is the name of the domain?

example.com

What is the issue you’re encountering

Phishing emails

What steps have you taken to resolve the issue?

I think someone might have hacked Cloudflare, stolen API keys or perhaps their email sender SparkPost, as I’ve been receiving phishing emails, with SPF/DKIM/DMARC fully authenticated and sent by 192.174.87.157, which is the authorized sender of SparkPost through notify.cloudflare.com.

Anyone else receiving these types of emails? I just opened a ticket with them to look into it, as these phishing emails are coming to my main inbox, and didn’t get an answer so far.

You can see on the screenshot that those emails point to a fake Cloudflare domain, surpassing the official panel, for stealing credentials.

Email .eml from Google attached.

I created a case about this, but no one has answered yet… so I’m posting this here.

Screenshot of the error

I also tried to use the report page on Cloudflare’s website, but unfortunately it requires a URL of a Cloudflare hosted website. There should be somewhere we can quickly contact Cloudflare for reporting vulnerabilities such as this.
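The situation in the post above, mail that passes SPF, DKIM and DMARC yet links to a domain that is not the sender's, can be triaged mechanically. The Python below is an added example, not part of the original thread or any Cloudflare tooling; the sample message, the `example.org` link host and all function names are constructed for illustration, and it assumes a single-part message whose `Authentication-Results` header was written by your own receiving server.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed sample, not the poster's .eml; receiver and link hosts are placeholders.
SAMPLE_EML = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@notify.cloudflare.com;
 spf=pass smtp.mailfrom=notify.cloudflare.com;
 dmarc=pass header.from=notify.cloudflare.com
From: Cloudflare <noreply@notify.cloudflare.com>
Subject: Action required
Content-Type: text/plain

Review your account: https://dash.cloudflare.com/login
Confirm here: https://cloudflare-login.example.org/verify
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results.
    Assumption: only headers added by your own MTA are present."""
    joined = " ".join(msg.get_all("Authentication-Results", []))
    return {m: r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", joined)}

def in_domain(host, domain):
    """True for the domain itself or a real subdomain, not a lookalike suffix."""
    return host == domain or host.endswith("." + domain)

def off_brand_links(msg, trusted_domains):
    """Hosts of http(s) links in the body that fall outside the trusted domains."""
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlsplit(u).hostname or "" for u in urls}
    return sorted(h for h in hosts
                  if not any(in_domain(h, d) for d in trusted_domains))

def triage(raw, trusted_domains):
    """Flag on link destination, independent of the authentication verdicts."""
    msg = message_from_string(raw, policy=policy.default)
    auth = auth_results(msg)
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    links = off_brand_links(msg, trusted_domains)
    return {"authenticated": authenticated, "off_brand_links": links,
            "flag": bool(links)}

if __name__ == "__main__":
    print(triage(SAMPLE_EML, ["cloudflare.com"]))
```

The flag is raised on the link destination alone, so a message sent through a legitimately authorized sender is still caught.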

Most organizations have security.txt. Here is Cloudflare’s:

https://www.cloudflare.com/.well-known/security.txt

3 Likes

Just reported there now. Thank you.

3 Likes