Phishing scam targets SMBs via email provider SendGrid
MASSACHUSETTS, UNITED STATES — Cybersecurity firm Kaspersky revealed a new phishing campaign that specifically targets small and medium-sized businesses (SMBs) by exploiting the email service provider SendGrid.
This campaign is particularly dangerous as it uses stolen credentials to send out phishing emails that appear legitimate, thus deceiving recipients into providing sensitive information.
The attackers gain access to mailing lists and send emails urging recipients to enable two-factor authentication (2FA) for security purposes. However, the link provided in the email redirects to a fraudulent website that mimics the SendGrid login page, where the credentials of unsuspecting users are stolen.
The emails sent through SendGrid look authentic to email scanners, with valid links pointing to the SendGrid domain. The only potential giveaway is the sender’s address, which includes the real customer’s domain and mailing ID.
A key indicator of the scam is the phishing site’s domain “sendgreds,” which is a slight but critical variation from the legitimate “sendgrid.”
To combat such threats, Kaspersky recommends providing staff with basic cybersecurity training, conducting simulated phishing attacks, and using mail server protection solutions with anti-phishing capabilities.
Roman Dedenok, a security expert at Kaspersky, emphasizes the importance of scrutinizing emails from service providers.
“Using a reliable email service provider is important when it comes to your business’ reputation and safety,” Dedenok added.Last December, a separate Kaspersky research revealed that 45% of companies plan to outsource cybersecurity tasks within the next year to a year and a half to enhance their defenses against the growing number of cyberattacks.