Mass-mailing service Mailgun had one of its larger accounts – the email marketing account for fast-food chain Chipotle – compromised and used to target USAA users, Microsoft users, and others with malware, according to anti-phish agency Inky, which detected 121 phishing emails originating from the compromised account. Of those attacks, 2 were vishing scams (fake voicemail notifications), 14 impersonated USAA Bank, and 105 impersonated Microsoft. The 2 vishing scams were meant to deliver malware, but the other 119 scams were attempts to harvest credentials. Inky notes that the Chipotle attackers used the same technique as the SolarWinds attack earlier this year, perpetrated by Russian threat group Nobelium. The threat group compromised SolarWinds email marketing account and sent roughly 3,000 malicious emails. It is still unclear who is behind the Chipotle attack. For more on this story, see Security Week.