Google's SMTP relay service has a huge following and is used by thousands of people every day. Hackers all over the globe are becoming more aware of this fact and have begun to abuse the SMTP relay service.

The basic idea is this: by exploiting certain weaknesses in Google's SMTP relay service, attackers can bypass email security and send malicious emails to their targets.

Avanan Security has been monitoring the phenomenon and has confirmed a dramatic spike in the number of threat actors using the SMTP relay services since April 2022.

Google offers the relay service as part of Gmail or Google Workspace to route outgoing emails.

The SMTP relay is a convenience: users don't need to maintain an external server for their marketing emails, and they don't need to worry about their own mail server being added to a blocklist.

Although the service is extremely handy, hackers have found that they can use it to spoof other Gmail tenants. However, there is a catch. An attempt to spoof another Gmail tenant will be thwarted if that tenant's domain has a DMARC policy that includes the reject directive.

This can be a very serious problem, but there is a solution. You can reduce the risk that your users fall prey to this type of attack by setting a strict DMARC policy. Integrated Technology Systems can work with your IT team to ensure email settings are set properly.

Google made this clear in a blog post about the topic.

"We have built-in protections to prevent this type of attack. This research demonstrates why we recommend that users in the ecosystem use the Domain-based Message Authentication, Reporting & Conformance protocol. This will protect against the well-known attack method."

It is a good idea. Ask Integrated Technology Systems if you aren't certain whether you have a strict DMARC policy. If you don't have one, ask them to create one.
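One way to check whether a published record is as strict as described above, as an added example (not code from Google, Avanan or Integrated Technology Systems): it parses a DMARC TXT record and reports anything that weakens the reject policy. The function names `parse_dmarc` and `assess`, the sample domains and the sample records are assumptions constructed for illustration.

```python
# Added example: classify a DMARC TXT record by how well it blocks spoofing.
# The records in SAMPLES are constructed; a real one is published as a
# DNS TXT record at _dmarc.<your-domain>.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # the version tag must come first (RFC 7489)
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (verdict, reasons); verdict is 'strict', 'weak' or 'none'."""
    tags = parse_dmarc(txt or "")
    if tags is None:
        return "none", ["no valid DMARC record"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "none", ["missing or invalid p= tag"]
    reasons = []
    if policy != "reject":
        reasons.append(f"p={policy} does not tell receivers to reject spoofed mail")
    sub = tags.get("sp", policy).lower()  # sp defaults to the value of p
    if sub != "reject":
        reasons.append(f"subdomains fall back to sp={sub}")
    pct = tags.get("pct", "100")  # pct defaults to 100
    if not pct.isdigit() or int(pct) < 100:
        reasons.append(f"pct={pct} applies the policy to only part of the mail")
    return ("weak" if reasons else "strict"), reasons

SAMPLES = {  # constructed records
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=reject; sp=quarantine; pct=50",
    "spf-only.example": "v=spf1 include:_spf.google.com ~all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        verdict, reasons = assess(record)
        print(f"{domain:18} {verdict:6} {'; '.join(reasons)}")
```

Only the first sample comes back as strict; the others show the common ways a record falls short of the reject policy the article recommends.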

Phishing Scams Are Now Using Twitter Account Emails

Hackers all over the globe are targeting verified Twitter accounts with emails that aim to steal Twitter login credentials.

A verified Twitter account differs from a regular account in that it has a large blue checkmark next to the user's name. This indicates that the account owner is someone with considerable influence on Twitter.

You must apply for verification to be eligible for verified status. This involves providing additional information, including links to websites and photos of your photo ID. The process also includes an essay section that asks you to explain to the company why your account is "notable".

If you think this is a bit too much, you're not the only one. This is why there are so few verified accounts.

Even so, hackers will be watching if you decide to get one. Because those accounts can be resold, hackers have been increasing their focus on anyone sporting the big blue checkmark. These accounts often have many followers, which allows hackers to potentially hook even more people.

This is the latest campaign:

  • An email will be sent to you stating that Twitter Verified has issued a new notification. This sounds very official.
  • You will be asked to confirm your identity by entering your Twitter login credentials.
  • Entering your credentials there does nothing to verify your identity. The form you are typing into captures your login details so that the hackers can steal and abuse them.

Do not fall for it. It is best to assume that any email sent by a company is fraudulent. Instead of clicking on links to reach the company's site, navigate to it directly. Although it's not a perfect solution, it can reduce your risk to a minimum.

Keeping your company secure in today's internet world is a daunting task to say the least. Integrated Technology Systems has the expertise and knowledge to help you stay ahead of the hackers. Contact us today to see how we can help.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017