Target: Businesses using Email Service Providers (ESPs) like SendGrid to send email campaigns, and the receivers of the emails

Method:

• Gain access to an ESP account: This could be through hijacking a legitimate account or other means.
• Send phishing emails through the ESP: These emails pose as legitimate messages from the ESP, urging users to update security settings (e.g., enable 2FA).
• Use spoofed links: The links in the email appear to point to the ESP’s domain, bypassing usual phishing red flags.
• Redirect to fake login page: Clicking the link leads to a website resembling the ESP’s login page, designed to steal user credentials.

Why it’s dangerous:

• Increased trust: Users are more likely to open emails appearing to come from a familiar ESP.
• Bypassing safeguards: Spoofed links and redirection make it harder to detect the scam.