Lately, among the myriad phishing attacks we observe and detect via Cyren Inbox Security, attacks that are distributed via email delivery services (like SendGrid, MailChimp, and MailJet) are increasingly common.
How attackers take advantage of email delivery platforms’ features:
Beware of SendGrid
SendGrid is one of the email delivery services most frequently misused by attackers to distribute phishing links.
A typical phishing URL consists of a legitimate SendGrid domain with a unique subdomain, followed by a targeted query string; together they redirect the user directly to the phishing landing page. Using the ‘sendgrid.net’ domain along with the query string allows phishers to evade existing filtering capabilities and reach recipients’ mailboxes en masse.
Phishing page example: the URL in the email body, ‘hxxps://u14869500.ct.sendgrid[.]net/ls/click?upn=’, redirects through the query to a fake Outlook Web App login page at ‘hxxps://dsd-asd-asd.sciuasy98.repl[.]co/’.
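The following is an added example, not code from Cyren: a Python check a mail filter could run over message bodies to recognise links of the shape quoted above and route them for destination analysis instead of relying on the reputation of sendgrid.net. The host and path pattern is an assumption generalised from the single URL on this page; the function names, the `action` labels and the sample body are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: link shape generalised from the one URL quoted on this page
# (u<digits>.ct.sendgrid.net/ls/click?upn=...).
TRACKING_HOST = re.compile(r"^u\d+\.ct\.sendgrid\.net$", re.IGNORECASE)
# Matches live and defanged schemes (http, https, hxxp, hxxps).
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s'\"<>]+", re.IGNORECASE)

def refang(url):
    """Turn a defanged indicator (hxxps, [.]) back into a parseable URL."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")

def classify(url):
    """Return a verdict dict for one URL found in a message body."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    is_redirect = bool(
        TRACKING_HOST.match(host)
        and parts.path == "/ls/click"
        and "upn" in query
    )
    return {
        "host": host,
        "subdomain": host.split(".")[0] if is_redirect else None,
        "tracking_redirect": is_redirect,
        # The landing page is hidden behind the redirect, so the reputation
        # of sendgrid.net says nothing about where the user ends up.
        "action": "scan-destination" if is_redirect else "normal-url-checks",
    }

def scan_body(body):
    """Classify every URL found in a plain-text message body."""
    return [classify(u) for u in URL_RE.findall(body)]

# Constructed sample body; the first URL is the defanged one quoted on the page.
SAMPLE = (
    "Your mailbox is almost full. Verify here: "
    "hxxps://u14869500.ct.sendgrid[.]net/ls/click?upn= "
    "or read our policy at https://example.com/policy"
)

if __name__ == "__main__":
    for verdict in scan_body(SAMPLE):
        print(verdict)
```

Grouping verdicts by the `subdomain` field lets an analyst see when many flagged messages share the same unique subdomain.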