Hi all,

I am wondering how such an incident could happen.

Yesterday several of our customers (and also several of our support contact email addresses) got very carefully crafted and very authentic-looking fake email invoice notifications from Swisscom. The 'online invoice' link points to a file containing malware.

A warning has been issued via the media in Switzerland to inform the population not to download that invoice, which a Swisscom customer can hardly distinguish from a real one.

Obviously SendGrid got abused in several ways:

* Hosting the Malware
* Sending Emails with Valid DKIM Signature
* Valid SPF Sender

They reacted fast; as of today, they have removed the malware from their site.

Is it really that easy to go to SendGrid and tell them 'Hey we are Swisscom and want to send email invoices to all our customers, please provide mass-email and hosting services to us'?

Doesn't anyone at SendGrid raise an eyebrow and think, hey, wouldn't Swisscom send such emails over their own infrastructure? Shouldn't we verify with Swisscom if this request is authentic?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    - Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop