Kaspersky recently revealed a new phishing campaign targeting small and medium-sized businesses. The attackers use the email service provider SendGrid to access client mailing lists and steal login credentials to send phishing emails. The phishing emails are designed to appear authentic, making it easy for the attackers to trick the recipients.
Cybercriminals often target mailing lists used by companies to reach customers. They compromise companies’ accounts with email service providers to enhance the success rates of attacks. Kaspersky found a phishing campaign that harvests the credentials of SendGrid ESP by sending phishing emails directly through the ESP.
Cybercriminals pretend to be from SendGrid and urge recipients to activate 2FA to secure their accounts. However, the link redirects users to a fake SendGrid login page where their credentials are stolen.
Email scanners should know that a recent phishing attack uses a seemingly legitimate email from SendGrid’s servers, with valid links pointing to the SendGrid domain. The only indication that the email is fraudulent may be the sender’s address, as email service providers (ESPs) often use the customer’s domain and mailing ID in that field. One crucial red flag is the “sendgreds” domain used by the phishing site, which closely resembles the legitimate “sendgrid” domain. Careful scrutiny can reveal this subtle yet significant difference and potentially prevent falling victim to the scam.
Phishing emails in this campaign may evade detection by automatic filters as they are sent through a legitimate service and contain no apparent signs of phishing, making them particularly insidious.
Phishers often target hijacked accounts since ESPs consider new customers more reliable after passing rigorous checks. In contrast, old ones who have already sent bulk emails may be trusted automatically.
“Using a reliable email service provider is important when it comes to your business’ reputation and safety. However, some sneaky scammers learned how to mimic reliable services – so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution,” shared Roman Dedenok, a security expert at Kaspersky.
To keep your data protected from phishing attacks and leaks, Kaspersky experts recommend:
- Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure your employees know how to distinguish phishing emails.
- Use protection solutions for mail servers with anti-phishing capabilities to decrease the chance of infection through a phishing email. Kaspersky Security for Mail Server prevents your employees and business from being defrauded by socially engineered scams.
- Use a protection solution for endpoints and mail servers with anti-phishing capabilities, such as Kaspersky Endpoint Security for Business, to decrease the chance of infection through a phishing email.
- If using Microsoft 365 cloud service, remember to protect it, too. Kaspersky Security for Microsoft Office 365 has dedicated anti-spam and anti-phishing protection for SharePoint, Teams, and OneDrive apps for secure business communications.
- Use lightweight, easy-manageable, but practical solutions such as Kaspersky Small Office Security. It helps prevent being locked out of your computer due to phishing emails or malicious attachments.
- Finding a dedicated solution for small and medium businesses with simple management and proven protection features, such as Kaspersky Endpoint Security Cloud. File Threat Protection, Mail Threat Protection, Network Threat Protection, and Web Threat Protection within the product include technologies that shield users from malware, phishing, and other threats.
Read more about this phishing campaign on Kaspersky Daily.
Leave a comment