HQ/EMEAFind out how we can help your business
Numerous phishing operations have forced the project management software company, Monday.com, to delete its “Share Update” feature.
Monday.com is a cloud-based project management tool that aids teams in organising and managing their work using automated workflows and dashboards. This platform became a prominent tool as big-time companies, such as Coca-Cola, Canva, LionsGate, Oxy, Compass, and Zippo, employed its services. As of now, the company is leveraged by about 225,000 customers.
Monday.com became aware of the phishing campaigns after receiving reports of these malicious emails.
Last week, Monday.com customers reported concerns about a possible company compromise after receiving phishing emails from their accounts. Based on reports, these emails were sent via SendGrid from notifications@monday.com, with SPF, DMARC, and DKIM authentication.
In addition, these phishing emails claimed to be from a “Human Resources” department. The contents of the emails asked users to either recognise the “organisation’s workplace sex policy” or provide comments as part of a “2024 Employee Evaluation.”
The emails included links to phishing forms on formstack.com via abbreviated URLs like tinyurl.com. However, their operators subsequently removed the forms related to these phishing campaigns before the researchers traced their origins.
After the initial assessment of the phishing attacks, the company disclosed that the attackers operated the campaign through their ‘Share Update’ tool. Thus, the company claimed an undisclosed group or user misused the feature by sending phishing messages.
The compromised feature has no connection to data hosted on Monday.com or access to any customer accounts or data. In addition, the company also assured everyone that they had already reached out and shared precautions with the email recipients of the phishing message.
Furthermore, Monday.com explained that the threat actor misused this capability by entering a list of email addresses to whom notification should be issued, which may have included persons outside their organisation.
The company declined to reveal the number of recipients of the phishing emails but confirmed that they had contacted all affected individuals to inform them of the phishing attempts. Monday.com is currently reviewing the status of its Share Update feature, with no exact date set for when it will be available again.
