SendGrid Amazon SES compromise leads to phishing email

SendGrid Amazon SES compromise leads to phishing email

Fake email from 'Sendgrid Renewal Team' does the rounds

Credit: Dreamstime

Email services provider SendGrid has had its service hit by a phishing spoof due to a compromised Amazon SES account.

According to security firm MailGuard, the email purports to come from the 'Sendgrid Renewal Team', using its branding, images and support links.

However, according to MailGuard, the domain used in the email address provided in the “from” field doesn’t belong to SendGrid and comes from a compromised Amazon SES account.

The email informs recipients that their services have “failed to auto-renew and are about to expire”. To rectify the issue, recipients are advised to update their billing information via a link.

Users who click on the link are led to a page that instantly redirects them, then leads them to a legitimate-looking copy of the SendGrid login page, which is a phishing page hosted on a compromised website

If the unsuspecting user submits their credentials, the attacker can harvest them for later use, and the user is then redirected to the actual SendGrid login page.

"Many companies use SendGrid to communicate with their customers via email, or else pay marketing firms to do that on their behalf using SendGrid’s systems," MailGuard said in a blog post.

"Receiving an email informing them that their services are “about to expire” is therefore likely to be alarming among companies. They may want to take immediate action in order to minimise disruptions to email communications with their customers. Cybercriminals hope that in their urgency to rectify the issue, users don’t pause to check for the legitimacy of the email and click on the phishing link."

Although the email has elements such as branding and imagery, MailGuard pointed out that the inaccurate spelling of SendGrid in the email's display name — 'Sendgrid' — and the fact that the email's sender address doesn't use a domain belonging to the company are red flags. 

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags SendGridAmazon SES



Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party

Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party

Held in Auckland, Nextgen New Zealand's Summer (Somewhere) Party was an opportunity for celebration with a tangerine taste of summer. Nexgen's channel community seized the opportunity to catch-up with familiar faces and enjoy an in-person gathering.

Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party
Show Comments