Threat Watch

Phishing Attacks Leveraging Email Marketing Services to Bypass SEGs

In a Twitter thread, Microsoft provided insight into an ongoing spam campaign that takes advantage of compromised email marketing services such as SendGrid and Amazon SES. Because these services are legitimate, Secure Email Gateways (SEGs) do not single out the sender's content: on the surface, the email marketing service is genuine. The campaign is also concerning because it targets the many people who are working from home by using video conference invite lures. It is estimated that approximately 400,000 credentials have been collected using these techniques in tandem.


Protecting an organization against a threat such as this relies primarily on a couple of critical items. The first is content filtering for all emails or for external senders. In this case, the lures focus on video conferencing, which should rarely, if ever, arrive via a marketing service. In the same vein, the second item is user knowledge. Teaching users to examine format, content, spelling, unusual domains in links, and senders allows them to help catch and report phishing emails sent to the organization.
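
The content-filtering idea above can be sketched as a mail-flow check that holds a message only when it was sent through a marketing service and also reads like a video conference invite. This is an added example, not code from Microsoft or from any SEG product; the domain list, the lure phrases, the function names, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sending domains for the two services the page names; extend as needed.
ESP_DOMAINS = ("sendgrid.net", "amazonses.com")
# Assumption: lure phrases, to be tuned against your own mail flow.
LURE_RE = re.compile(r"video\s*conferenc|meeting\s+invit|join\s+(the\s+)?meeting", re.I)
DKIM_D_RE = re.compile(r"\bd=([^;\s]+)", re.I)

def _is_esp(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in ESP_DOMAINS)

def esp_evidence(msg):
    """Header evidence that the message left through a marketing service."""
    hits = []
    domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if _is_esp(domain):
        hits.append("return-path:" + domain.lower())
    for sig in msg.get_all("DKIM-Signature", []):
        m = DKIM_D_RE.search(sig)
        if m and _is_esp(m.group(1)):
            hits.append("dkim:" + m.group(1).lower())
    return hits

def text_of(msg):
    """Subject plus every decoded text/* part (plain and HTML)."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def classify(raw_message):
    msg = message_from_string(raw_message)
    esp = esp_evidence(msg)
    lure = bool(LURE_RE.search(text_of(msg)))
    return {"esp": esp, "lure": lure, "hold_for_review": bool(esp) and lure}

# Constructed sample messages (not taken from the campaign).
LURE_VIA_ESP = ("Return-Path: <bounces+123@em.sendgrid.net>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sendgrid.net; s=smtpapi; bh=x; b=y\n"
    "From: IT Desk <it@example.org>\nSubject: You missed a video conference\n\n"
    "Join the meeting: https://example.invalid/join\n")
NEWSLETTER_VIA_ESP = ("Return-Path: <0101@amazonses.com>\n"
    "From: Shop <news@example.com>\nSubject: Spring sale\n\n20% off this week.\n")
DIRECT_INVITE = ("Return-Path: <alice@example.com>\n"
    "From: Alice <alice@example.com>\nSubject: Meeting invitation\n\nAgenda attached.\n")
```

Senders that configure their own DKIM and bounce domains on these services will not match the domain list, so treat the result as one signal alongside user reports rather than a complete filter.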