Over the last week, I've seen multiple phishing attacks using what appear to be compromised Constant Contact accounts. It's possible accounts have been compromised through password spraying or using credentials that have been obtained from other breaches (password reuse). Since Constant Contact is considered a trusted platform, phishing emails may bypass some of the usual controls. While 2FA isn't a panacea, it prevents accounts from being easily compromised using the methods I mentioned above.
... View more
