MailGuard Blog — Breaking alerts, news and updates on cybersecurity topics

Cloudflare customers targeted with fake security notice

Written by MailGuard | 27 October 2025 01:54:51 Z

Cloudflare delivers network and security products for consumers and businesses across the globe, serving 78 million HTTP requests on average every second. So, it should come as no surprise that scammers love to masquerade as the company to trade on its trust and goodwill with customers. That’s the case with this latest scam, intercepted by MailGuard’s AI filter network, it presents as a ‘Security Notice’ urging customers to review recent account activity and update security settings.

What out team is seeing

The email arrives as an “Important Security Notice from Cloudflare”, with a display name of Help Center. The sender’s are randomised variations from the berniestreet.com domain, for example adamparkc(at)berniestreet.com, paulinecioccolinic(at)berniestreet.com, or abirrec(at)berniestreet.com. Addresses are varied per send to evade simple blocking.

A single “Review Security Settings” button in a simple HTML email, opens a counterfeit Cloudflare login page that asks for email and password, then forwards the user to the genuine Cloudflare portal, creating the false impression of a normal sign-in.

The ultimate goal of the scam is credential harvesting for later account takeover, potential MFA fatigue attacks, or broader lateral movement against your organisation.

What to look out for

  • Sender domain mismatch: Messages claiming to be from Cloudflare but sent from @berniestreet.com or other unrelated domains.
  • Generic greeting and stock wording: “Dear customer” and vague security prompts.
  • Rogue links: The sign-in page is not on an official Cloudflare domain. Always check the URL carefully before entering credentials.
  • Forwarded subject lines: “Fwd:” used to fake internal relevance and urgency.

Why this matters for businesses

Cloud platform accounts are high-value targets. Stolen credentials can enable DNS manipulation, website defacement, traffic interception, and access to broader infrastructure. The redirection to the real portal after harvesting increases the success rate, because users often assume they mistyped their password and try again.

Recommended actions

  • Do not trust sign-in prompts from email links. Browse directly to the service by typing the URL or using a trusted bookmark.
  • Enforce phishing-resistant MFA across admin and user accounts where supported.
  • Monitor sign-ins and admin events for impossible travel, new device enrolments, and unusual API activity.
  • Harden with layered email security. MailGuard blocks these campaigns in real time, reducing exposure before users can click.
  • If someone has already clicked:
    • Reset the account password and revoke tokens,
    • Review MFA devices and recovery methods,
    • Check recent activity, API keys, and DNS or firewall changes,
    • Consider forced re-authentication and session revocation.

Stay Safe, Know the Signs

MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.

Avoid emails that:

  • Aren’t addressed to you personally.
  • Are unexpected and urge immediate action.
  • Contain poor grammar or miss crucial identifying details.
  • Direct you to a suspicious URL that isn’t associated with the genuine company.

Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One Email Is All That It Takes   

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters!  Our real-time 'zero zero-day', email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

 
View full post