Google SMTP Relay Service Exploited for Sending Phishing Emails

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Phishers are exploiting a vulnerability in Google’s SMTP relay service to send malicious emails that imitate well-known brands. Threat actors use this service to mimic other Gmail tenants, according to Avanan researcher Jeremy Fuchs. Since April 2022, Avanan researchers have noticed a massive rise in these SMTP relay service exploit attacks in the wild.
Organizations utilise Google’s SMTP relay service to send out promotional messages to a large number of consumers without the risk of their mail server being blacklisted. 
Fuchs explained, “Many organizations offer this service. Gmail does as well, with the ability to route outgoing non-Gmail messages through Google. However, these relay services have a flaw. Within Gmail, any Gmail tenant can use it to spoof any other Gmail tenant. That means that a hacker can use the service to easily spoof legitimate brands and send out phishing and malware campaigns. When the security service sees avanan.com coming into the inbox, and it’s a real IP address from Gmail’s IP, it starts to look more legitimate.” 
As Gmail’s SMTP relay servers are usually trusted, email security solutions are circumvented, and recipients see a legitimate-looking email address in the “From:” field. Users will only know something is wrong if they inspect the message headers. 
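The header inspection mentioned above can be automated at the receiving side. The following is an added example, not code from the article or from Avanan: it assumes the receiving gateway stamps an RFC 8601 `Authentication-Results` header, and every domain and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels. Production code should use the Public Suffix List.
    return ".".join(domain.lower().strip("<>.").split(".")[-2:])

def check_from_alignment(raw, authserv_id):
    """Compare the visible From: domain with the domains SPF/DKIM actually authenticated."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Trust only results stamped by our own gateway; a sender can insert forged ones.
    results = []
    for value in msg.get_all("Authentication-Results", []):
        flat = re.sub(r"\s+", " ", str(value)).strip()
        stamp = flat.split(";", 1)[0].split()
        if stamp and stamp[0].lower() == authserv_id.lower():
            results.append(flat)
    ar = " ; ".join(results)
    authed = [d for r, d in re.findall(r"spf=(\w+)[^;]*?smtp\.mailfrom=([^\s;]+)", ar) if r == "pass"]
    authed += [d for r, d in re.findall(r"dkim=(\w+)[^;]*?header\.d=([^\s;]+)", ar) if r == "pass"]
    authed = [d.rpartition("@")[2] for d in authed]
    aligned = [d for d in authed if org_domain(d) == org_domain(from_dom)]
    dmarc = re.search(r"dmarc=(\w+)", ar)
    return {
        "from_domain": from_dom,
        "authenticated_domains": authed,
        "dmarc": dmarc.group(1) if dmarc else None,
        # Also True when no trusted results exist at all: nothing vouches for From:.
        "suspicious": not aligned,
    }

# Constructed sample: From: shows a brand, but SPF and DKIM passed for a different domain.
SPOOFED = """\
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=bounce@other-tenant.example;
    dkim=pass header.d=other-tenant.example;
    dmarc=none header.from=brand.example
Authentication-Results: forged.example; spf=pass smtp.mailfrom=brand.example
Return-Path: <bounce@other-tenant.example>
From: "Brand Support" <support@brand.example>
To: user@recipient.example
Subject: Action required

(body)
"""
# Constructed counterpart where the authenticated domains match From:.
LEGIT = SPOOFED.replace("other-tenant.example", "brand.example").replace("dmarc=none", "dmarc=pass")
```

The `authserv_id` argument must be the identifier your own mail gateway writes; accepting any `Authentication-Results` header would let a sender-supplied one mask the mismatch.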
This brand impersonation method

[…]