Subj : SMBs are being targeted by this new phishing scam make sure you To : All From : TechnologyDaily Date : Fri Feb 23 2024 14:15:05 SMBs are being targeted by this new phishing scam make sure you don't fall victim Date: Fri, 23 Feb 2024 13:03:18 +0000 Description: SendGrid is being abused to deliver phishing emails straight into the inbox, which trick users into giving away their login credentials. FULL STORY ====================================================================== Hackers have been spotted abusing a known email service provider (ESP) to target businesses with convincing phishing emails and steal their login credentials. Cybersecurity researchers from Kaspersky uncovered this new phishing campaign that exploits SendGrid, a Colorado-based email service provider which, as of 2021, has had more than 80,000 clients. Its clients are mostly small and medium-sized businesses (SMB) which use the services to communicate with their customers, sending emails in bulk, fast and cheap. Bypassing email security According to the researchers, unnamed attackers exploited SendGrid to access client mailing lists, and used those to send custom-tailored, well-built phishing emails. The emails, they said, appeared quite authentic, significantly increasing the chances of success. In the emails, the attackers impersonated SendGrid and demanded users activate multi-factor authentication (MFA). The emails further carried a link which, if clicked, led to a landing page that mimicked the SendGrid login page, but was instead under the control of the attackers. There, whoever typed in their login credentials essentially shared them with the attackers. Besides super convincing phishing emails, another thing makes this campaign particularly destructive - the fact that it successfully bypasses traditional email security measures. As the emails go through a legitimate service and show no obvious signs of fraud, most email security solutions did not filter them out and instead had them land right in the inbox. Using a reliable email service provider is important when it comes to your businesss reputation and safety, said Roman Dedenok, a security expert at Kaspersky. However, some sneaky scammers learned how to mimic reliable services so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution. One of the best ways to protect against phishing is to train the staff to be able to spot email-borne attacks, Kaspersky concluded. More from TechRadar Pro Everything you need to know about phishing Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/smbs-are-being-targeted-by-this-new-phi shing-scam-make-sure-you-dont-fall-victim --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .