Hi all

I am wondering how such an incident could happen.

Yesterday several of our customers (and also several of our support
contact email addresses) got very carefully crafted and very authentic
looking fake email invoice notifications from Swisscom.

The 'online invoice' link points to a file containing malware. A
warning has been issued via the medias in switzerland, to inform the
population not to download that invoice which a swisscom customer can
hardly distinguish from a real one.

Obviously sendgrid got abused in several ways:

* Hosting the Malware
* Sending Emails with Valid DKIM Signature
* Valid SPF Sender

They reacted fast, as of today, they have removed the malware from
their site.

Is it really that easy to go to sendgrid and tell them 'Hey we are
Swisscom and want to send email invoices to all our customers, please
provide mass-email and hosting services to us?

Doesn't anyone at sendgrind raises an eyebrow and think, hey wouldn't
swisscom send such emails over their own infrastructure? Shouldn't we
verify with swisscom, if this request is authentic?

Kind regards

-BenoƮt Panizzon-
I m p r o W a r e   A G    -    Leiter Commerce Kunden

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch

mailop mailing list

Reply via email to