this post was submitted on 22 Feb 2024
43 points (93.9% liked)

Technology

59092 readers
6622 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L4s@lemmy.world
L3s@fry.gs
L4s@fry.gs
enu@lemmy.world
43
Phishing credential campaigns via Email Service Providers (ESPs): a dangerous tactic (www.kaspersky.com)
submitted 8 months ago by Squire1039@lemm.ee to c/technology@lemmy.world
0 comments fedilink hide all child comments
 

Target: Businesses using Email Service Providers (ESPs) like SendGrid to send email campaigns, and the receivers of the emails

Method:

  • Gain access to an ESP account: This could be through hijacking a legitimate account or other means.
  • Send phishing emails through the ESP: These emails pose as legitimate messages from the ESP, urging users to update security settings (e.g., enable 2FA).
  • Use spoofed links: The links in the email appear to point to the ESP's domain, bypassing usual phishing red flags.
  • Redirect to fake login page: Clicking the link leads to a website resembling the ESP's login page, designed to steal user credentials.

Why it's dangerous:

  • Increased trust: Users are more likely to open emails appearing to come from a familiar ESP.
  • Bypassing safeguards: Spoofed links and redirection make it harder to detect the scam.
no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here