Email security

Phishing campaign leverages Google’s SMTP relay service

More threat actors have been leveraging Google's Simple Mail Transfer Protocol (SMTP) relay service in phishing campaigns since last month in an effort to evade detection and get phishing emails delivered, BleepingComputer reports. Avanan researchers discovered that Google's SMTP relay service has been used to deliver at least 30,000 emails during the first two weeks of April alone, as malicious actors have exploited the service to impersonate Gmail tenants whose domains have no DMARC policy set to the "reject" directive. One of the emails observed by Avanan appeared to come from Trello.com but actually originated from jigokar.com. Researchers also noted that other relay services could be exploited to deliver phishing emails. Meanwhile, Google noted that certain protections have already been developed for Gmail to avert such attacks. "This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue," a Google spokesperson said.
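
The check below is an added example, not code from the article, Avanan or Google: it parses the TXT records published at _dmarc.<domain> and reports whether the domain has the "reject" policy the report says impersonated tenants lack. The DNS lookup is left to the caller, and the function names, verdict labels and example.com records are assumptions constructed for illustration.

```python
# Added example: grade a domain's DMARC TXT records by enforcement level.
# Function names and verdict labels are illustrative assumptions.

def parse_dmarc(txt):
    """Parse one TXT string into a DMARC tag dict, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and read v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt_records):
    """Return (verdict, detail) for the TXT records found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "unprotected", "no DMARC record published"
    if len(records) > 1:
        # Receivers skip DMARC processing when several records are published.
        return "unprotected", "multiple DMARC records published"
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "unprotected", "missing or invalid p= tag"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # assumption: an unparsable pct falls back to the default
    if policy == "reject" and pct >= 100:
        return "enforced", "p=reject applies to all failing mail"
    if policy == "reject":
        return "partial", f"p=reject applies to only {pct}% of failing mail"
    return "weak", f"p={policy} does not ask receivers to reject spoofed mail"

# Constructed sample records; example.com is a placeholder domain.
SAMPLES = {
    "no-record": ["v=spf1 include:_spf.example.com ~all"],
    "monitor-only": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "sampled": ["v=DMARC1; p=reject; pct=25"],
    "enforced": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, *assess(records))
```

Only the "enforced" verdict corresponds to the configuration Google's statement recommends; the other three leave receivers free to deliver mail that fails authentication.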
