IRONSCALES researchers have identified a trending fake login attack spoofing two leading email delivery service providers, Mailgun and SendGrid. With close to 100,000 customers worldwide between the companies, the attacks spoofing the two providers attempt to trick recipients into believing that “the following services failed to auto-renew and are about to expire.” Such spoofing messages, which appear to come from “renewal teams,” provide a link to a fake phishing website where recipients are prompted to “update” their credit card on file so as to avoid any disruption in service.
Click here to access the blog post with all of the details.
Since first discovered by IRONSCALES in early June, the attack has potentially bypassed secure email gateways and DMARC in over 200 companies across the US, Canada and Europe. The attack initially appeared to focus on companies within the travel and hospitality industries, however, IRONSCALES has also found recent examples of this attack targeting the legal, healthcare, financial services and manufacturing industries.
As a reminder, IRONSCALES sits inside the mailbox, this fake login attack campaign has proven to bypass secure email gateways and authentication protocols like DMARC - making it particularly dangerous for the many organizations without advanced anti-phishing technology in place.
See images below of the fake login pages.