A phishing campaign reported by BleepingComputer says that threat actors are abusing SendGrid’s Infrastructure for sending phishing emails to take payers. The redirecting phishing web page is also compromised, and the emails were spoofed to be from HMRC, UK’s tax collector. Using SendGrid email delivery helped them bypass spam filters.
HMRC Phishing Campaign
Her Majesty’s Revenue and Customs (HMRC) is the UK’s tax collector. Since it’s the official department, any email or letter having a badge of it asking for details will mostly be believed by citizens. And this is how any phishing campaign runs. Based on this, a threat group has been sending HMRC based email for stealing data.
As reported by a security researcher named The Analyst to the BleepingComputer , threat actors are abusing SendGrid’s email delivery infrastructure for sending legitimate-looking phishing emails to citizens. Using the HMRC email address in the From address section helps it bypass spam filters.
Hey @SendGrid @LenShneyder get your act together! Now you’re letting a TA spoof @HMRCgovuk as sender for #phishing . /sendgrid.net > s/technicalzia.net/tax https://t.co/CaqygOyYKc CC @NCSC @olihough86 pic.twitter.com/6lcxTmWsQv — TheAnalyst (@ffforward) December 2, 2020
