A phishing campaign reported by BleepingComputer says that threat actors are abusing SendGrid’s Infrastructure for sending phishing emails to take payers. The redirecting phishing web page is also compromised, and the emails were spoofed to be from HMRC, UK’s tax collector. Using SendGrid email delivery helped them bypass spam filters.

HMRC Phishing Campaign

SendGrid Legacy Accounts Used by Hackers to Steal Data in a HMRC Phishing Campaign

Her Majesty’s Revenue and Customs (HMRC) is the UK’s tax collector. Since it’s the official department, any email or letter having a badge of it asking for details will mostly be believed by citizens. And this is how any phishing campaign runs. Based on this, a threat group has been sending HMRC based email for stealing data.

As reported by a security researcher named The Analyst to the BleepingComputer, threat actors are abusing SendGrid’s email delivery infrastructure for sending legitimate-looking phishing emails to citizens. Using the HMRC email address in the From address section helps it bypass spam filters.

The phishing page that’s within the email, and is redirected to, is also a compromised website – https://technicalzia[.]net/tax/. Details asked from citizens through the phishing form are;

  • Name
  • DoB
  • Residential Address
  • Driving license number with the issue and expiry dates
  • National Insurance Number
  • Unique Taxpayer Reference number and
  • Passport Number and expiry dates.

The researcher said SendGrid’s legacy account offer should be accused since threat actors are exploiting them for over half a year. He said, “In this specific case HMRC has a good DMARC record that makes most recipients just junk them, but when [scammers] spoof other domains that actually have SendGrid in SPF/DMARC it’s much worse.

SendGrid replied to the researcher’s findings and said they’d try to keep their platform clear from such users. Also, it asked recipients of such emails with any SendGrid mention to be forwarded to [email protected] for investigation.


Please enter your comment!
Please enter your name here