What’s Wrong With Sendgrid?

If you have been following my Friday Phish Fry posts, you know that many of the links I have examined recently resolve to addresses at sendgrid.com. Usually we are presented with a fake landing page with a credential-stealing form of some sort. What is this all about, anyway?

Sendgrid, as it turns out, is a legitimate marketing company that provides bulk email services, and also hosts marketing landing pages.  So if you were interested in sending out a bunch of marketing mail to your customers, you could set it all up on Sendgrid.  The links between the emails and the landing page allow you to see what your response rate is, how much sell-through is happening.  You can also improve your results with A/B testing to see which marketing message gets the best results.

Unfortunately, this service is very attractive to and popular with phisher pholk (folk), too.  In their inimitable fashion, they have been stealing Sendgrid credentials to use in their never-ending quest to separate you from your money.  Sendgrid credentials for active user accounts are being sold on the dark web for about $15 each.

The problem is that Sendgrid is a legitimate and respected company, and their email servers are validated using DMARC, DKIM, SPF, and other email validation systems.  Most email spam filtering systems will let them right through into your inbox.

Twilio, the parent company of Sendgrid, is recommending, and will soon require, two-factor authentication to try to stave off all this illegal usage.  But progress on this front is unusually slow, especially considering that Twilio bought MFA firm Authy in 2015.

Meanwhile, email admins are getting impatient with the volume of phishy email from Sendgrid, and they are beginning to filter out the barrage.  This is bad news for Sendgrid and their legitimate customers.

For the full story, click on the link below.  It will be interesting to see how this works out.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
