Slipping Through the Filters

Scammers are always trying new techniques to get their phishing emails in front of as many targets as possible. They will regularly procure new domains, create new email addresses, and come up with different pretexts to get you to click. A recent scam brought to light another approach: scamming a trusted SMTP provider first and then using their credentials to reach a wider audience.

The Scam

The scam used a Zoom invitation as the pretext, which sounds like pretty standard phishing, right? But instead of going directly to victims with a look-alike email address, the scammers first compromised SendGrid accounts. If you are not familiar with SendGrid, it’s a mail delivery provider widely used by a myriad of businesses to deliver marketing emails, newsletters, and other communications. Because SendGrid delivers so many legitimate emails on behalf of legitimate companies, mail sent through it is likely to make it through spam filters into users’ inboxes. The scammer then used those stolen SendGrid credentials to deliver the Zoom phishing email.

Executing this “pre-scam” and then using those stolen SendGrid credentials allowed the scammer to reach far more users than just using a fake email address. In fact, according to a phishing intelligence service called WMC Global, this particular scam garnered approximately 400,000 unique credentials.

Staying Safe

How do we suggest staying safe from these more sophisticated phishing scams? By applying phishing recognition techniques to each and every email in our inbox! Here are the steps:

  1. Do you recognize the sender? In this case, the answer may be yes. But that’s not where the evaluation stops.
  2. Were you expecting this email? You may get lots of Zoom invitations, but were you expecting this one in particular?
  3. What is the sender requesting? Be wary if the email asks you to click a link or to provide your login or other personal information.
  4. Verify the request. If you are asked to provide any personal, confidential, or sensitive information, verify the request using independent contact information.

Scammers are working hard to trick you. Keep your defenses up and your phishing recognition skills sharp by running through these steps each time you open an email.
