Kaspersky has uncovered a new phishing campaign aimed at small and medium-sized businesses, which exploits the email service provider SendGrid. This attack utilizes stolen credentials to access client mailing lists, allowing cybercriminals to send out convincing phishing emails that appear legitimate.
These types of attacks are common as cybercriminals target mailing lists used by companies to communicate with their customers. By gaining access to legitimate tools for sending bulk emails, attackers can significantly increase the success rates of their scams. In their recent research, Kaspersky has identified a phishing campaign that takes advantage of this by compromising SendGrid ESP credentials to directly send phishing emails through the service itself.
Sending phishing emails through the ESP enhances the credibility of the attack, as recipients are more likely to trust communications from familiar sources. The phishing emails, disguised as messages from SendGrid, prompt recipients to enable two-factor authentication (2FA) to enhance account security. However, the provided link redirects users to a fake website mimicking the SendGrid login page, where their credentials are harvested.
An example of phishing email
Despite appearing legitimate to email scanners, these phishing emails may bypass traditional security measures due to their origin from a reputable service and lack of obvious signs of phishing. The only potential giveaway is the sender’s address, which may raise suspicion due to the fraudulent “sendgreds” domain closely resembling the legitimate “sendgrid.”
This campaign is particularly concerning because it circumvents standard security measures and may go undetected by automatic filters. Roman Dedenok, a security expert at Kaspersky, advises businesses to remain vigilant and careful.
“Using a reliable email service provider is important when it comes to your business’ reputation and safety. However, some sneaky scammers learned how to mimic reliable services – so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution”.