Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Phishing credential campaigns via Email Service Providers (ESPs): a dangerous tactic

Target: Businesses using Email Service Providers (ESPs) like SendGrid to send email campaigns, and the receivers of the emails

Method:

  • Gain access to an ESP account: This could be through hijacking a legitimate account or other means.
  • Send phishing emails through the ESP: These emails pose as legitimate messages from the ESP, urging users to update security settings (e.g., enable 2FA).
  • Use spoofed links: The links in the email appear to point to the ESP's domain, bypassing usual phishing red flags.
  • Redirect to fake login page: Clicking the link leads to a website resembling the ESP's login page, designed to steal user credentials.

Why it's dangerous:

  • Increased trust: Users are more likely to open emails appearing to come from a familiar ESP.
  • Bypassing safeguards: Spoofed links and redirection make it harder to detect the scam.
  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology@lemmy.world
  • random
  • incremental_games
  • meta
  • All magazines
    •