Tweet
Hello everyone,
We would like to report and ask about a security incident observed in our EspoCRM instance, and check whether anyone else has experienced the same issue.
An Email record was created with Created By: System, with the following characteristics:
We want to clearly state that this was not a legitimate email sent by the user, and the message resembles a phishing-style notification, even though it originated internally.
At this stage, we are treating this as a security incident and are trying to understand:
Has anyone experienced the same or a similar issue?
Any shared experience or insight would be greatly appreciated.
Thank you.
We would like to report and ask about a security incident observed in our EspoCRM instance, and check whether anyone else has experienced the same issue.
An Email record was created with Created By: System, with the following characteristics:
- The sender and recipient are the same internal user email address
- The email content looks like a security alert, stating:
“abnormal activity was detected, please verify identity and change password” - This email was NOT sent by the user
- No user manually created or sent this email
- The record shows Created / Modified by: System
- The email was generated inside EspoCRM, not by the mail provider
We want to clearly state that this was not a legitimate email sent by the user, and the message resembles a phishing-style notification, even though it originated internally.
At this stage, we are treating this as a security incident and are trying to understand:
- Whether this behavior is known or previously reported
- Whether it can be triggered by Workflow, Scheduled Jobs, API, or custom code
- Whether other EspoCRM users have encountered similar System-created emails
Has anyone experienced the same or a similar issue?
Any shared experience or insight would be greatly appreciated.
Thank you.
Comment