Cybersecurity experts at Kaspersky have uncovered a new phishing campaign that specifically targets small and medium-sized businesses (SMBs).
The attack involves abusing the email service provider (ESP) Twilio SendGrid to gain access to client mailing lists, then using stolen credentials to send out convincing phishing emails. These emails are crafted to appear authentic, posing a significant threat to unsuspecting recipients.
In their latest findings, Kaspersky explained that by leveraging SendGrid’s infrastructure, attackers could increase the effectiveness of their phishing attempts by exploiting the trust recipients have in communications from familiar sources.
The fraudulent emails, disguised as legitimate messages from the ESP, prompt recipients to enable two-factor authentication (2FA) under the guise of enhancing security. However, the provided link redirects users to a counterfeit website mimicking the SendGrid login page, where their credentials are then harvested.
One notable aspect of this campaign is its ability to bypass traditional security measures. Since the phishing emails are routed through a legitimate service and exhibit no obvious signs of fraud, they may evade detection by automatic filters, making them particularly insidious.
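As an added illustration (not code from the article, from Kaspersky or from Twilio), the Python below applies one heuristic a mail gateway can run against the lure described above: a message whose From header claims to be SendGrid, whose body pushes a 2FA or login action, and whose links lead outside the domains assumed here to be legitimate. The legitimate-domain list (sendgrid.com and twilio.com), the lure keyword list and both sample messages are constructed for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption for this example: hosts on which a genuine SendGrid account or
# 2FA link would live. A real deployment would own and maintain this list.
LEGIT_DOMAINS = ("sendgrid.com", "twilio.com")

# Phrases matching the lure described in the article (a prompt to enable 2FA
# or log in). The list is constructed for the example.
LURE_PHRASES = ("two-factor", "2fa", "log in", "login")

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def host_is_legit(url: str, legit=LEGIT_DOMAINS) -> bool:
    """True only if the URL's host is one of the legit domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in legit)


def body_text(msg: EmailMessage) -> str:
    """Return the text of the preferred body part (HTML first, else plain text)."""
    part = msg.get_body(preferencelist=("html", "plain"))
    return part.get_content() if part is not None else ""


def assess(raw_message: str) -> dict:
    """Classify one RFC 5322 message string.

    Flags it when (a) the From header claims to be SendGrid, (b) the body
    carries a 2FA/login lure, and (c) at least one link leaves the legit domains.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    text = body_text(msg)
    urls = URL_RE.findall(text)
    offsite = [u for u in urls if not host_is_legit(u)]
    lure = any(p in text.lower() for p in LURE_PHRASES)
    claims_esp = "sendgrid" in sender
    return {
        "claims_esp": claims_esp,
        "lure": lure,
        "offsite_links": offsite,
        "flag": claims_esp and lure and bool(offsite),
    }


# Constructed sample messages; the domains are reserved .invalid names, not real hosts.
PHISH_SAMPLE = """\
From: "SendGrid Security" <alerts@hijacked-customer.invalid>
To: owner@small-business.invalid
Subject: Action required: enable two-factor authentication
Content-Type: text/plain; charset=utf-8

Your SendGrid account is not yet protected. Enable 2FA here:
https://sendgrid-account-2fa.invalid/login
"""

GENUINE_SAMPLE = """\
From: "SendGrid" <noreply@sendgrid.com>
To: owner@small-business.invalid
Subject: Your weekly sending statistics
Content-Type: text/plain; charset=utf-8

Statistics for the past week are available in your dashboard:
https://app.sendgrid.com/
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("genuine", GENUINE_SAMPLE)):
        print(name, assess(sample))
```

Because the phishing mail really transits the ESP, SPF, DKIM and the sending infrastructure all look normal, which is why the check targets the link destination and the lure text rather than the sender. One practical caveat: ESP click tracking can rewrite every link to the provider's own tracking host, so in production the redirect chain should be resolved before the final host is classified.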
“Using a reliable email service provider is important when it comes to your business’s reputation and safety,” said Roman Dedenok, a security expert at Kaspersky.
“However, some sneaky scammers learned how to mimic reliable services – so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution.”
At the same time, the security expert highlighted that phishers also frequently exploit hijacked accounts. This is because ESPs typically subject new customers to stringent checks, while older accounts that have already sent bulk emails are often perceived as trustworthy.
To mitigate the risk of falling victim to phishing attacks, Kaspersky suggested implementing basic cybersecurity training for staff, utilizing protection solutions for mail servers with anti-phishing capabilities and deploying endpoint security solutions.
Article updated on 23 February with Twilio statement.
“Impersonating a site administrator, or other critical function, has proven an effective means of phishing across the industry, and Twilio SendGrid takes abuse of its platform and services very seriously. Twilio detected that bad actors obtained customer account credentials and used our platform to launch phishing attacks; our fraud, compliance and cyber security teams immediately shut down accounts identified and associated with the phishing campaign. We encourage all end users to take a multi-pronged approach to combat phishing attacks, including two-factor authentication, IP access management, and using domain-based messaging,” said a Twilio spokesperson.