Boost Your Cybersecurity: New Phishing Scam and Protection Tips

Supporting the entrepreneurial spirit of small businesses is at the heart of what we do and have been doing at ECI for the past 25 years. A big part of this mission is helping companies navigate the rapidly changing cybersecurity threat landscape. So, I want to share a bit about an emerging phishing scam targeted at small and medium-sized businesses (SMBs) that use Twilio SendGrid, an email service provider that many small businesses use regularly. This phishing campaign recently used convincing emails to deceive Twilio SendGrid customers into sharing their usernames and passwords.

According to the company’s website, Twilio SendGrid processes over 100 billion emails every month and has over 80,000 clients that use their email service for communicating and marketing to their customers in bulk.

Through a well-crafted, custom email, hackers were able to convince some Twilio SendGrid clients that there was an issue with their account like a failed payment or account removal. If the recipient clicked on the link in the email, they were directed to a fake login page that looked just like a Twilio SendGrid login page but was created and managed by the bad actors. So, as soon as those login credentials were entered by the unwitting recipients, they were shared with the bad actors.

In addition to highly convincing phishing emails, what sets this campaign apart is its ability to evade traditional email security protocols. By using a legitimate service and avoiding clear indicators of fraud, these emails managed to bypass typical security filters, slipping seamlessly into recipients' inboxes.

It is important to note that Twilio SendGrid itself is not involved in these scams but rather is being impersonated by cybercriminals. In cases where spam or phishing emails are sent through SendGrid's platform, users are encouraged to report such incidents to Twilio SendGrid for investigation and action.

While some phishing emails can be very well crafted, here are seven common red flags to look for:

• Unfamiliar tone or greeting: Phishing emails may sound strange or not like how a real company would talk to you.
• Grammar and spelling errors: Look out for mistakes in spelling and grammar, as scammers often make these errors.
• Suspicious sender address: Check the sender's email address. If it looks strange or unfamiliar, it could be a sign of a phishing attempt.
• Spoofed web links: Be cautious of links in emails. If they look odd, don't match the company's official website, or include a different domain than expected, refrain from clicking it.
• Threats or urgency: Phishing emails often create a sense of urgency or threaten consequences if you don't act quickly. Be wary of such pressure tactics.
• Asking for sensitive information: Be cautious if an email asks for personal or sensitive information like passwords, account numbers, or Social Security numbers.
• Unsolicited attachments: Avoid opening attachments from unknown sources as they could contain malware or harmful software.

No matter the size of your business, ensuring your business and employees are ready to help protect your business is critical. We recently published a blog post that shares “9 Cybersecurity Tips You Can Implement Now” which can help ensure your business is protected. Here are just a few of those tips:

• Train employees – Unintentional neglect of employees or contractors contributes to 21% of cybersecurity breaches, according to Ponemon Institute and IBM. Make sure you are providing your team with the right training and tools to identify and report suspicious activity and keep your business safe.
• Set strong passwords - Encourage employees to generate complex passwords that are challenging for hackers to decipher and have them update the password every few months. Whenever possible, implement multifactor authentication (MFA) to add an extra layer of security through multiple verification steps.
• Implement a disaster recovery plan - Craft an effective incident response plan that details the precise steps your organization will take in the event of cybersecurity breaches or natural disasters. Start by identifying critical data assets, documenting procedures, and conducting routine testing. The plan should include immediate responses like isolating affected systems, informing stakeholders, and involving authorities or cybersecurity professionals if needed.