Security News > 2022 > May > Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.
According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.
Google offers an SMTP relay service that can be used by Gmail and Google Workspace users to route outgoing emails.
The following email, spotted by Avanan, appears as if it comes from Trello.com, but it's in reality from jigokar.com and passed through Google's relay service.
The emails are likely bypassing spam detections because all Gmail tenants who use this relay likely set up SPF records that place Google's SMTP relay service on the trusted sender list for their domain.
While these threat actors are abusing Google's relay service, Avanan says that any other relay service is succeptible to the same type of abuse.
News URL
Related news
- Google Pay alarms users with accidental ‘new card’ added emails (source)
- Google Scholar has a 'verified email' for Sir Isaac Newton (source)
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)