Target: Businesses using Email Service Providers (ESPs) like SendGrid to send email campaigns, and the receivers of the emails
Method:
- Gain access to an ESP account: This could be through hijacking a legitimate account or other means.
- Send phishing emails through the ESP: These emails pose as legitimate messages from the ESP, urging users to update security settings (e.g., enable 2FA).
- Use spoofed links: The links in the email appear to point to the ESP’s domain, bypassing usual phishing red flags.
- Redirect to fake login page: Clicking the link leads to a website resembling the ESP’s login page, designed to steal user credentials.
Why it’s dangerous:
- Increased trust: Users are more likely to open emails appearing to come from a familiar ESP.
- Bypassing safeguards: Spoofed links and redirection make it harder to detect the scam.
You must log in or # to comment.