Alerts •   Jun 13, 2022

Payment email with malware attached

Sent from hacked Sendgrid account

If you come across this sort of email, don't be concerned and don't attempt to open the attachment. Forward it to your family, coworkers, and friends so that they can benefit from it.

We believe Smartvoting.cl SendGrid's account was compromised based on the email's header, which contains Spf, Dkim, and Dmarc passed. We'd had a similar situation with Mailjet / Mailgun before; our account was hacked. (We suspect that it is an inside job, as we have all security in place and the hacker only used our account to send out phishing emails with their database. This resulted that us clearing up our database in Mailjet and switching to another provider). As this kind of act will further cripple the business and reputation. 

 

malware email from sendgrid
malware header
smart voting chile

 

Who is Smartvoting.cl

Smart Voting is an electronic voting service that allows elections to be carried out in an easy, secure and transparent way, with a unique support team. Operate in Chile.

 

> We think if they can be so careless with their credentials and no follow-up or notice they are not secure nor transparent in any way.

 

Who is SendGrid

SendGrid delivers your transactional and marketing emails through the world's largest cloud-based email delivery platform. Send with confidence. They are owned by Twilio.

 

> We think SendGrid should be able to accomplish more as a provider, and we believe it can use these features: usually login or large send out new send out guard functions to avoid such problems. Block and track these IP addresses from the suspect area.

 

What is SPF

Sender Policy Framework is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced.

 

What is DKIM

DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.

 

What is Dmarc

DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.

 

So, you can see that SPF, DKIM, and Dmarc are critical for an organization's email or e-marketing outreach. If you want to learn more or have someone assist you in implementing SPF, DKIM, and Dmarc, look no further. We at Supercharge Interactive (www.supercharge.business)are able to help you with these requirements.