SendGrid isn’t emailing about ICE or BLM – it’s a phishing attack
4 months ago
- #social-engineering
- #phishing
- #cybersecurity
- Author received concerning emails from SendGrid and initially ignored them, until noticing politically charged phishing emails.
- Phishing emails exploit American political issues (e.g., ICE, BLM, LGBTQ+ rights) to provoke emotional reactions and clicks.
- Hackers compromise SendGrid accounts via credential stuffing, using legitimate SendGrid infrastructure to bypass spam filters.
- Dubbed 'Phishception,' attackers use compromised SendGrid accounts to phish other SendGrid users, creating a self-perpetuating cycle.
- Emails include fake opt-out buttons, targeting recipients based on their political stances.
- Attackers demonstrate deep understanding of American cultural divisions, possibly state-sponsored or highly online domestic actors.
- SendGrid/Twilio has been slow to enforce 2FA, making accounts vulnerable to continued exploitation.
- Recommendations: Enable 2FA, use unique passwords, avoid clicking phishing links, and set up Gmail filters to block impersonation emails.
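
The impersonation check behind the last recommendation can also be run as a script over raw messages. The sketch below is an added example, not code from the original post: it flags mail that uses the SendGrid or Twilio name while its From domain is not the vendor's, even when SPF and DKIM pass. The trusted-domain list, verdict names and sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domains the real vendor sends account mail from.
TRUSTED_DOMAINS = ("sendgrid.com", "twilio.com")
BRAND_WORDS = ("sendgrid", "twilio")


def classify(raw: str) -> str:
    """Return a verdict for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    if not any(word in text for word in BRAND_WORDS):
        return "unrelated"
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    # Assumes Authentication-Results was stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    authenticated = "dkim=pass" in auth and "spf=pass" in auth
    if trusted:
        return "likely-genuine" if authenticated else "spoofed-domain"
    # A pass here only proves the mail left the sender's own domain through
    # legitimate infrastructure, which is what a hijacked account produces.
    return "impersonation"


# Constructed sample messages, not taken from the campaign.
AUTH_PASS = "Authentication-Results: mx.example.test; dkim=pass; spf=pass\n"
AUTH_FAIL = "Authentication-Results: mx.example.test; dkim=none; spf=fail\n"
SAMPLES = {
    "hijacked": "From: SendGrid Support <notify@example-shop.test>\n"
                "Subject: Manage your notification preferences\n" + AUTH_PASS + "\nbody\n",
    "lookalike": "From: SendGrid <team@sendgrid.com.example.test>\n"
                 "Subject: Account notice\n" + AUTH_PASS + "\nbody\n",
    "genuine": "From: Twilio SendGrid <no-reply@sendgrid.com>\n"
               "Subject: Your invoice\n" + AUTH_PASS + "\nbody\n",
    "spoofed": "From: SendGrid <no-reply@sendgrid.com>\n"
               "Subject: Your invoice\n" + AUTH_FAIL + "\nbody\n",
    "other": "From: Alice <alice@example.test>\nSubject: lunch\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {classify(raw)}")
```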