Kaspersky has uncovered a new phishing campaign aimed at small and medium-sized businesses that abuses the email service provider (ESP) SendGrid. The attack uses stolen credentials to access client mailing lists, allowing cyber-criminals to send out convincing phishing emails that appear legitimate.
Attacks of this type are common: cyber-criminals target the mailing lists that companies use to communicate with their customers. By gaining access to legitimate tools for sending bulk emails, attackers can significantly increase the success rate of their scams. In its recent research, Kaspersky identified a phishing campaign that takes advantage of this by compromising SendGrid ESP credentials and sending phishing emails directly through the service itself.
Sending phishing emails through the ESP makes the attack more credible, as recipients are more likely to trust communications from familiar sources. The phishing emails, disguised as messages from SendGrid, prompt recipients to enable two-factor authentication (2FA) to improve account security. However, the provided link redirects users to a fake website mimicking the SendGrid login page, where their credentials are harvested.