Archive for May 2, 2022

Cyber Criminals Exploit Google’s SMTP Relay Service To Land in Inboxes and Steal User Credentials

Posted in Commentary on May 2, 2022 by itnerd

Avanan, A Check Point Company, has published its latest research report in which it describes how hackers strategically send out phishing emails using Google’s Simple Mail Transfer Protocol (SMTP) Relay service, a common service used to send out mass emails, while ensuring delivery. 

Hackers manipulate this service by spoofing reputable brands, like Venmo and Trello, to send out thousands of emails that bypass security tools and land directly inside users’ inboxes. These emails contain a malicious link or a document that leads users to give up their credentials. 

In this attack, hackers are taking advantage of a flaw in Google’s SMTP Relay service to send spoofed emails.

Hackers can utilize any Gmail tenant, from small companies to large, popular corporations. 

Once they have spoofed a brand, they can send out phishing emails that are more likely to get into the inbox, because the emails leverage the inherent trust of legitimate brands.

Once an email is in the inbox, hackers hope that end-users will click on a malicious link or download a malicious document, allowing the hackers to steal credentials.

The full report can be found here, and there are some mitigation strategies in the report that you can use to protect yourself. I also have a video, which I have embedded below, that shows a demonstration of the attack.