Phishing via ESPs identified as new scam targeting SMBs


A new phishing campaign targeting small and medium-sized businesses has been exposed by Kaspersky. The attack leverages the email service provider SendGrid to infiltrate client mailing lists and employs stolen credentials to send out phishing emails, making them appear authentic, thus easily tricking recipients.

Cybercriminals often target the mailing lists companies use to reach their customers, since these present opportunities for spamming, phishing, and other sophisticated scams. Access to legitimate tools for sending bulk emails further enhances the success rates of such attacks. Consequently, attackers frequently attempt to compromise companies’ accounts with email service providers (ESPs). In its latest research, Kaspersky has discovered a phishing campaign that refines this method: it harvests credentials for the SendGrid ESP by sending the phishing emails through SendGrid itself.

By sending phishing emails directly through the ESP, attackers increase the likelihood of success, capitalizing on recipients’ trust in communications from familiar sources. The phishing emails appear to originate from SendGrid, expressing concern about security and urging recipients to enable two-factor authentication (2FA) to protect their accounts. However, the provided link redirects users to a fraudulent website mimicking the SendGrid login page, where their credentials are harvested.

An example of the phishing email

To email scanners, the phishing message looks like a perfectly legitimate email sent from SendGrid’s servers, with valid links pointing to the SendGrid domain. The only thing that may alert the recipient is the sender’s address, because ESPs put the real customer’s domain and mailing ID there. A further sign of fraud is the phishing site’s “sendgreds” domain, which at first glance closely resembles the legitimate “sendgrid”: a subtle but significant warning sign.


What makes this campaign particularly insidious is that the phishing emails bypass traditional security measures. Since they are sent through a legitimate service and contain no obvious signs of phishing, they may evade detection by automatic filters. 
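As an added illustration (not code from Kaspersky’s research or this article), the following Python check applies the two signs described above to an email: a display name claiming to be SendGrid over a sender domain that belongs to an ESP customer, and a link whose domain is within a couple of characters of “sendgrid”. The sample message, the sender domain and the “sendgreds.example” host are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "sendgrid"
BRAND_DOMAINS = {"sendgrid.com", "sendgrid.net"}

# Constructed sample message (not a real capture): display name claims SendGrid, the
# sender domain is a customer's, and the link points at a lookalike domain.
SAMPLE = """\
From: SendGrid Security <noreply@customer-example.com>
Subject: Please enable two-factor authentication
Content-Type: text/plain

Your account needs 2FA. Confirm here: https://login.sendgreds.example/verify
"""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a near-miss of the brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyse(raw: str) -> dict:
    """Return the sender domain and the findings for the two signs described above."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    # Sign 1: the message presents itself as the ESP, but the sender domain belongs to
    # one of the ESP's customers (the ESP puts the real customer's domain there).
    if BRAND in name.lower() and from_domain not in BRAND_DOMAINS:
        findings.append(f"display name claims {BRAND} but sender domain is {from_domain}")
    # Sign 2: a link whose second-level label is within two edits of the brand name.
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_type() in ("text/plain", "text/html"))
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        parts = host.lower().split(".")
        label = parts[-2] if len(parts) > 1 else parts[0]
        if label != BRAND and edit_distance(label, BRAND) <= 2:
            findings.append(f"lookalike domain in link: {host}")
    return {"from_domain": from_domain, "findings": findings}
```

Running `analyse(SAMPLE)` reports both signs; a message that genuinely comes from SendGrid’s own domain with links to sendgrid.net produces no findings.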

“Using a reliable email service provider is important when it comes to your business’ reputation and safety. However, some sneaky scammers learned how to mimic reliable services – so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution,” comments Roman Dedenok, a security expert at Kaspersky.

Most often, phishers make use of hijacked accounts, because ESPs subject new customers to rigorous checks, while old ones who have already fired off some bulk emails are considered reliable. 

Read more about this phishing campaign on Kaspersky Daily.

To keep your data protected from phishing attacks and leaks, Kaspersky experts recommend:

  • Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that your employees know how to distinguish phishing emails.
  • Use protection solutions for mail servers with anti-phishing capabilities to decrease the chance of infection through a phishing email. Kaspersky Security for Mail Server prevents your employees and business from being defrauded by socially engineered scams.
  • Use a protection solution for endpoints and mail servers with anti-phishing capabilities, such as Kaspersky Endpoint Security for Business, to decrease the chance of infection through a phishing email.
  • If you use the Microsoft 365 cloud service, don’t forget to protect it too. Kaspersky Security for Microsoft Office 365 has dedicated anti-spam and anti-phishing capabilities as well as protection for the SharePoint, Teams and OneDrive apps for secure business communications.
  • Use lightweight, easy-to-manage but still effective solutions such as Kaspersky Small Office Security. It helps prevent being locked out of your own computer due to phishing emails or malicious attachments.
  • Find a dedicated solution for small and medium businesses with simple management and proven protection features, such as Kaspersky Endpoint Security Cloud. File Threat Protection, Mail Threat Protection, Network Threat Protection, and Web Threat Protection within the product include technologies that shield users from malware, phishing, and other types of threats.
