A sophisticated phishing campaign targeting small and medium-sized businesses (SMBs) has been uncovered by Kaspersky cybersecurity experts [1] [3] [6]. This campaign exploits the email service provider SendGrid to send convincing phishing emails to recipients.

Description

In this campaign, attackers use stolen credentials to send phishing emails through SendGrid, taking advantage of recipients' trust in familiar sources. The campaign targets mailing lists used by companies to reach their customers, which present opportunities for spamming [6], phishing [1] [2] [3] [4] [5] [6], and other sophisticated scams [6]. The attackers refine their methods by harvesting credentials for the SendGrid email service provider (ESP) and sending phishing emails directly through the ESP itself [6].

The phishing emails appear to originate from SendGrid [6], express concern about security, and urge recipients to enable two-factor authentication (2FA) to protect their accounts [1] [6]. However, the provided link redirects users to a fraudulent website mimicking the SendGrid login page [6], where their credentials are harvested [1] [6].

By leveraging SendGrid's infrastructure [1] [3], attackers increase the effectiveness of their phishing attempts. Because the emails are sent through a legitimate service and contain no obvious signs of phishing [6], they bypass traditional security measures [1] [6] and can evade detection by automatic filters [5] [6].

To mitigate the risk of falling victim to such attacks [1], Kaspersky recommends implementing basic cybersecurity training for staff [1], utilizing protection solutions for mail servers with anti-phishing capabilities [1], and deploying endpoint security solutions [1] [5]. It is also crucial to deploy advanced anti-phishing technology on all devices with internet access and to enable two-factor authentication through the legitimate settings on the ESP's website [2]. Properly checking the emails received is crucial for businesses to avoid falling victim to such scams.
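As an added example (not code from Kaspersky or the cited articles), here is one way to automate the email check recommended above. Because the message arrives through the legitimate ESP, the sending infrastructure gives no signal, so the check flags mail that combines SendGrid branding with a 2FA prompt and a link whose host is not on the ESP's own domain. The `sendgrid.com` allowlist, the keyword patterns and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: domain where the ESP's real login and settings pages live.
ESP_DOMAINS = {"sendgrid.com"}
# Assumption: phrases typical of the lure described above (brand + 2FA prompt).
BRAND = re.compile(r"sendgrid", re.I)
LURE = re.compile(r"two[- ]factor|\b2fa\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def on_esp_domain(host):
    """True only for the ESP domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ESP_DOMAINS)


def triage(raw_message):
    """Return (suspicious, off_domain_hosts) for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = f"{msg['Subject'] or ''}\n{body}"
    hosts = {urlsplit(u).hostname for u in URL.findall(body)}
    off_domain = sorted(h for h in hosts if h and not on_esp_domain(h))
    is_lure = bool(BRAND.search(text) and LURE.search(text))
    return (is_lure and bool(off_domain)), off_domain


# Constructed sample message; the addresses and hosts are placeholders.
SAMPLE = """\
From: Security Team <notice@customer-of-esp.example>
To: admin@smb.example
Subject: Enable two-factor authentication for your SendGrid account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>To protect your account, please enable 2FA now.</p>
<a href="https://sendgrid.com.login.example.net/2fa">Enable 2FA</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any link host that is not the ESP's own domain is reported, including redirectors and lookalike prefixes, which matches the advice to enable 2FA from the ESP's website rather than from an emailed link.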

Conclusion

This phishing campaign targeting SMBs through SendGrid highlights the importance of implementing robust cybersecurity measures. By following Kaspersky’s recommendations and staying vigilant, businesses can protect themselves from falling victim to such sophisticated scams in the future.

References

[1] https://www.infosecurity-magazine.com/news/smbs-risk-innovative-phishing/
[2] https://usa.kaspersky.com/blog/sendgrid-credentials-phishing/29790/
[3] https://ciso2ciso.com/smbs-at-risk-from-sendgrid-focused-phishing-tactics-source-www-infosecurity-magazine-com/
[4] https://ilcentrotirreno.it/sito/immediapress/160325-phishing-tramite-esp-kaspersky-svela-una-nuova-truffa-che-prende-di-mira-le-pmi.html
[5] https://www.padovanews.it/2024/02/23/phishing-tramite-esp-kaspersky-svela-una-nuova-truffa-che-prende-di-mira-le-pmi/
[6] https://vmblog.com/archive/2024/02/22/kaspersky-uncovers-new-scam-targeting-smbs-phishing-via-email-service-providers.aspx