Kaspersky has discovered a new phishing campaign targeting small and medium-sized businesses, exploited by email service provider SendGrid. This attack uses stolen credentials to access customer mailing lists, allowing cybercriminals to send convincing phishing emails that look legitimate.
These types of attacks are common as cybercriminals target mailing lists used by companies to communicate with their customers. By gaining access to legitimate tools for sending mass emails, attackers can significantly increase the success rates of their scams. In its recent investigation, Kaspersky has identified a phishing campaign that takes advantage of this by compromising SendGrid ESP credentials to send phishing emails directly through the service itself.
Sending phishing emails through ESP improves the credibility of the attack as recipients are more likely to trust communications from known sources. Phishing emails, disguised as SendGrid messages, ask recipients to enable two-factor authentication (2FA) to improve account security. However, the provided link redirects users to a fake website that imitates the SendGrid login page, where their credentials are collected.
Despite appearing legitimate to email scanners, these phishing emails can bypass traditional security measures due to coming from a trusted service and lack of obvious signs of phishing. The only potential reveal is the sender address, which may raise suspicion because the fraudulent domain “sendgreds” closely resembles the legitimate “sendgrid.”
This campaign is particularly concerning because it bypasses standard security measures and may go undetected by automated filters. Roman Dedenok, security expert at Kaspersky, advises companies to remain alert and careful.
“Using a reliable email service provider is important when it comes to your company’s reputation and security. However, some clever scammers have learned to imitate trusted services, so it is crucial to properly review the emails you receive and, for better protection, install a reliable cybersecurity solution.”