Researchers have discovered a new fake login attack that spoofs Mailgun and SendGrid, two email service providers with almost 100,000 customers between them, while bypassing DMARC (Domain-based Message Authentication, Reporting and Conformance), according to security firm Ironscales.
The company discovered the spoofing scheme early in June.
The attacks seek to convince recipients that “the following services failed to auto-renew and are about to expire,” Ironscales states.
Intended victims are directed to a fake website and prompted to “update” credit card information to avoid a disruption in service.
The email spoofing SendGrid uses a purported Twilio SendGrid logo.
The attacks potentially bypass secure email gateways and DMARC in over 200 countries, Ironscales says.
Travel and hospitality companies were the initial targets, but they have been joined by firms in the legal, healthcare, financial services and manufacturing industries, it says.