Security News > 2022 > May > Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.
According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.
Google offers an SMTP relay service that can be used by Gmail and Google Workspace users to route outgoing emails.
The following email, spotted by Avanan, appears as if it comes from Trello.com, but it's in reality from jigokar.com and passed through Google's relay service.
The emails are likely bypassing spam detections because all Gmail tenants who use this relay likely set up SPF records that place Google's SMTP relay service on the trusted sender list for their domain.
While these threat actors are abusing Google's relay service, Avanan says that any other relay service is succeptible to the same type of abuse.
News URL
Related news
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)
- Phishing emails delivering infostealers surge 84% (source)
- CoGUI phishing platform sent 580 million emails to steal credentials (source)
- Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails (source)
- Threat actors abuse Google Apps Script in evasive phishing attacks (source)