Cyber Criminals Exploit Google’s SMTP Relay Service To Land in Inboxes and Steal User Credentials

Avanan, A Check Point Company, has published its latest research report in which it describes how hackers strategically send out phishing emails using Google’s Simple Mail Transfer Protocol (SMTP) Relay service, a common service used to send out mass emails, while ensuring delivery. 

Hackers manipulate this service by spoofing reputable brands, like Venmo and Trello, to send out thousands of emails that bypass security tools and land directly inside users’ inboxes. These emails contain a malicious link or a document that leads users to give up their credentials. 

In this attack, hackers are taking advantage of a flaw in Google’s SMTP Relay service to send spoofed emails.

Hackers can utilize any Gmail tenant, from small companies to large, popular corporations. 

Once spoofed, they can send out phishing emails that are more likely to get into the inbox, as it leverages the inherent trust of legitimate brands.  

Once in the inbox, hackers hope that end-users will click on a malicious link or download a malicious document, to steal credentials. 

The full report can be found here and there are some mitigation strategies in the report that you can use to protect yourself. I also have a video which I have embedded below that shows a demonstration of the attack.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: