Kaspersky has unveiled a sophisticated new phishing campaign specifically aimed at small and medium-sized businesses (SMBs), exploiting the email service provider (ESP) SendGrid to infiltrate and exploit client mailing lists. This campaign uses stolen credentials to craft authentic-looking phishing emails that then enable cybercriminals to access these businesses.

Phishing emails are a common weapon in the cybercriminal's arsenal, with the aim of duping recipients into revealing sensitive data or installing malicious software. The tactics used in this recent campaign are particularly insidious as the phishing emails are sent directly through SendGrid, exploiting the trust users place in communications from a familiar source. The phishing emails seemingly originate from SendGrid and contain links that redirect users to fraudulent websites designed to mirror the SendGrid login page - bypassing traditional security measures.

According to the details unveiled by Kaspersky, cybercriminals habitually target mailing lists used by companies to communicate with their customers, presenting vast opportunities for spamming, phishing and a variety of more complex scams. By managing to infiltrate and exploit a company’s ESP account, they enhance the success rate of such attacks.

In this latest phishing campaign, the perpetrators have expertly used the trusted SendGrid ESP to disseminate their phishing emails, cleverly harvesting SendGrid credentials and even bypassing traditional security measures. The focus is on authenticity, with the phishing emails mimicking concern about security and urging recipients to activate two-factor authentication (2FA) in order to protect their accounts. However, the link provided simply redirects unwitting users to a fraudulent website in the guise of the SendGrid login page, where their credentials are then captured.

Roman Dedenok, a Security Expert at Kaspersky, states, “Using a reliable email service provider is important when it comes to your business reputation and safety. However, some sneaky scammers learned how to mimic reliable services – so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution".

For businesses seeking to guard against such phishing campaigns, the cybersecurity giant has outlined several guidelines. Firstly, it is important to educate staff in basic cybersecurity procedures, and even conduct simulated phishing attacks to ensure they are equipped to differentiate between genuine and phishing emails. Secondly, it is recommended to use protection solutions for mail servers with anti-phishing capabilities, such as Kaspersky Security for Mail Server and Kaspersky Endpoint Security for Business. Lastly, if the Microsoft 365 cloud service is being used, an additional layer of protection should be added through Kaspersky Security for Microsoft Office 365, which includes anti-spam and anti-phishing capabilities as well as safeguarding SharePoint, Teams, and OneDrive apps for secure business communications.

For small and medium businesses requiring straightforward management and reliable protection features, Kaspersky Endpoint Security Cloud is an ideal solution. This includes File Threat Protection, Mail Threat Protection, Network Threat Protection, and Web Threat Protection which altogether protect users from malware, phishing and other kinds of threats.