Security News > 2022 > May > Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.
According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.
Google offers an SMTP relay service that can be used by Gmail and Google Workspace users to route outgoing emails.
The following email, spotted by Avanan, appears as if it comes from Trello.com, but it's in reality from jigokar.com and passed through Google's relay service.
The emails are likely bypassing spam detections because all Gmail tenants who use this relay likely set up SPF records that place Google's SMTP relay service on the trusted sender list for their domain.
While these threat actors are abusing Google's relay service, Avanan says that any other relay service is succeptible to the same type of abuse.
News URL
Related news
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- Google is making sending end-to-end encrypted emails easy (source)
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)