Cybersecurity researchers at Kaspersky have uncovered a new phishing campaign that specifically targets small and medium-sized businesses (SMBs).
The attack methodology involves exploiting the email service provider (ESP) SendGrid to gain access to client mailing lists, then using stolen credentials to send out convincing phishing emails. These emails are crafted to appear genuine, posing a significant risk to unsuspecting recipients.
In their latest findings, Kaspersky explained that by leveraging SendGrid's infrastructure, attackers can increase the effectiveness of their phishing attempts by exploiting the trust recipients place in communications from familiar sources.
The fraudulent emails, disguised as legitimate messages from the ESP, prompt recipients to enable two-factor authentication (2FA) under the guise of enhancing security. However, the provided link redirects users to a counterfeit website mimicking the SendGrid login page, where their credentials are then harvested.
One notable aspect of this campaign is its ability to bypass traditional security measures. Because the phishing emails are routed through a legitimate service and show no obvious signs of fraud, they may evade detection by automated filters, making them particularly insidious.
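A mail-filter heuristic for the mismatch described above, as an added example that is not from Kaspersky's report: it flags a message that invokes SendGrid branding and a 2FA pretext but links to a host outside the ESP's own domains. The domain allowlist, lure terms and both sample messages are constructed assumptions, not indicators from the campaign.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Domains the ESP itself uses (assumption for this example; a real deployment
# must add its own branded click-tracking domains or they will trip the check).
ESP_DOMAINS = {"sendgrid.com", "sendgrid.net", "twilio.com"}
# Pretext terms from the campaign's lure: "enable 2FA to improve security".
LURE_TERMS = ("two-factor", "2fa")
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.I)


def registrable(host: str) -> str:
    """Crude registrable-domain reduction (last two labels; no PSL lookup)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def assess(raw: str) -> dict:
    """Score one raw RFC 5322 message for the SendGrid-lookalike pattern."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = (str(msg.get("From", "")) + " " + text).lower()
    claims_esp = "sendgrid" in haystack        # brand invoked in sender or body
    lured = any(term in haystack for term in LURE_TERMS)
    # Links whose registrable domain is not the ESP's own are "off-brand".
    hosts = [urlparse(u).hostname or "" for u in HREF_RE.findall(text)]
    off_brand = [h for h in hosts if registrable(h) not in ESP_DOMAINS]
    return {"claims_esp": claims_esp, "lure": lured, "off_brand": off_brand,
            "suspicious": claims_esp and lured and bool(off_brand)}


# Constructed sample: ESP branding, 2FA pretext, link to a lookalike host.
PHISH = """\
From: SendGrid Security <alerts@hijacked-customer.example>
To: owner@smb.example
Subject: Action required: enable two-factor authentication
Content-Type: text/html; charset=utf-8

<p>Secure your SendGrid account by enabling two-factor authentication.</p>
<p><a href="https://sendgrid-login.example/2fa">Enable 2FA</a></p>
"""

# Constructed sample: same pretext, but the link stays on the ESP's own domain.
LEGIT = PHISH.replace("https://sendgrid-login.example/2fa",
                      "https://app.sendgrid.com/settings/auth")
```

Because the campaign's mail really does leave SendGrid's servers, sender authentication (SPF/DKIM) passes; the link destination is the only part of the message the attacker cannot keep on-brand, which is why this check looks there rather than at the headers.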
“Using a reliable email service provider is important when it comes to your business's reputation and security,” said Roman Dedenok, a security expert at Kaspersky.
“However, some sneaky scammers have found a way to mimic reliable services – so it's essential to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution.”
At the same time, the security expert highlighted that phishers also frequently exploit hijacked accounts. This is because ESPs typically subject new customers to stringent checks, whereas older accounts that have already sent bulk emails are often perceived as trustworthy.
To mitigate the risk of falling victim to phishing attacks, Kaspersky suggested implementing basic cybersecurity training for employees, using security solutions for mail servers with anti-phishing capabilities and deploying endpoint protection solutions.