Email security

Phishing campaign leverages Google’s SMTP relay service

More threat actors have been leveraging Google's Simple Mail Transfer Protocol relay service in phishing campaigns since last month in an effort to evade detection and facilitate successful phishing email delivery, BleepingComputer reports. Avanan researchers discovered that Google's SMTP relay service has been used to deliver at least 30,000 emails during the first two weeks of April alone, as malicious actors have exploited the service to impersonate Gmail tenants whose domains have no DMARC policy with the "reject" directive configuration. One of the emails observed by Avanan involved the delivery of an email seemingly from but really originating from Researchers also noted that other relay services could also be exploited to deliver phishing emails. Meanwhile, Google noted that certain protections have already been developed for Gmail to avert such attacks. "This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue," a Google spokesperson said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.