A phishing campaign reported by BleepingComputer shows threat actors abusing SendGrid's infrastructure to send phishing emails to taxpayers. The phishing page the emails redirect to is hosted on a compromised website, and the emails were spoofed to appear to come from HMRC, the UK's tax collector. Using SendGrid email delivery helped them bypass spam filters.

HMRC Phishing Campaign

SendGrid Legacy Accounts Used by Hackers to Steal Data in an HMRC Phishing Campaign

Her Majesty's Revenue and Customs (HMRC) is the UK's tax collector. Since it's an official department, citizens will mostly believe any email or letter that bears its badge and asks for details. This is how any phishing campaign runs. Based on this, a threat group has been sending HMRC-themed emails to steal data.

As reported to BleepingComputer by a security researcher named The Analyst, threat actors are abusing SendGrid's email delivery infrastructure to send legitimate-looking phishing emails to citizens. Using the HMRC email address in the From address section helps the emails bypass spam filters.

The phishing page that the email links and redirects to is also hosted on a compromised website – https://technicalzia[.]net/tax/. The phishing form asks citizens for the following details:

  • Name
  • DoB
  • Residential Address
  • Driving license number with the issue and expiry dates
  • National Insurance Number
  • Unique Taxpayer Reference number and
  • Passport Number and expiry dates.

The researcher said SendGrid's legacy account offering is to blame, since threat actors have been exploiting these accounts for over half a year. He said, “In this specific case HMRC has a good DMARC record that makes most recipients just junk them, but when [scammers] spoof other domains that actually have SendGrid in SPF/DMARC it's much worse.”
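The researcher's distinction can be checked for any sending domain from its published SPF and DMARC TXT records. The following is an added example, not code from the article or from SendGrid: the domains and records are constructed placeholders, and the function names and the four-level rating are assumptions chosen for illustration.

```python
# Constructed sample TXT records (spf, dmarc); *.example domains are placeholders.
SAMPLES = {
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject"),
    "shared.example": ("v=spf1 include:sendgrid.net ~all", "v=DMARC1; p=none"),
    "nodmarc.example": ("v=spf1 include:sendgrid.net -all", ""),
    "both.example": ("v=spf1 include:sendgrid.net -all", "v=DMARC1; p=reject"),
}

def spf_includes(spf):
    """Return the domains named by include: mechanisms in an SPF record."""
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    found = []
    for term in terms[1:]:
        term = term.lstrip("+-~?")  # drop the optional qualifier
        if term.lower().startswith("include:"):
            found.append(term[len("include:"):].lower().rstrip("."))
    return found

def dmarc_policy(dmarc):
    """Return the p= value of a DMARC record, or 'missing' if absent or invalid."""
    tags = [t.strip() for t in dmarc.split(";") if t.strip()]
    if not tags or tags[0].replace(" ", "").lower() != "v=dmarc1":
        return "missing"
    for tag in tags[1:]:
        key, _, value = tag.partition("=")
        if key.strip().lower() == "p":
            return value.strip().lower()
    return "missing"

def assess(spf, dmarc, shared_sender="sendgrid.net"):
    """Heuristic rating (an assumption of this example) of spoofing exposure."""
    shared = shared_sender in spf_includes(spf)
    enforcing = dmarc_policy(dmarc) in ("quarantine", "reject")
    if shared:
        # SPF authorises the shared sender's ranges, so SPF alone cannot tell
        # the domain owner's account apart from another account on that service.
        return "elevated" if enforcing else "high"
    # Without the include, mail from the shared sender fails SPF for this domain;
    # an enforcing DMARC policy then lets receivers junk or reject it.
    return "low" if enforcing else "medium"

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, spf_includes(spf), dmarc_policy(dmarc), assess(spf, dmarc))
```
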

SendGrid replied to the researcher's findings and said they'd try to keep their platform clear of such users. It also asked recipients to forward any such emails that mention SendGrid to [email protected] for investigation.
