Alesandro Ortiz 🇵🇷🏳️‍🌈

Software Engineer. Security Researcher. Puerto Rican 🇵🇷. New Yorker. Bilingual. LG(B)TQ 🏳️‍🌈. He/him.

Focused on browser research. Glad to collaborate.

Website: https://AlesandroOrtiz.com
(Header 📷: roriv3ra on IG)

Website: https://AlesandroOrtiz.com
Location: Queens, NY / Puerto Rico
Infrequent Newsletter: https://AlesandroOrtiz.com/subscribe
Twitter (unused): https://twitter.com/AlesandroOrtizR

Is Netlify good? The dashboard returns their default 404 page. :|

If I were SendGrid, my New Year's resolution would be to stop bad actors from sending SendGrid phishing emails to SendGrid customers using compromised SendGrid accounts.

These bad actors compromise SG accounts through phishing emails, then use newly phished SG accounts to send even more SG phishing emails.

It's clearly working for them, because this has been an ongoing issue since August 2024. I often get 5+ emails per day.

I've been feeling this way since 10 AM today.
Got a variation of the gross phishing email.

This is a particularly gross phishing email.

Also, the SendGrid phishing emails sent from SendGrid itself have not stopped for over a year. I get multiple of these per week, sometimes a barrage each day.

They all appear to come from compromised SendGrid customer accounts. They pass the customer domain's DMARC and SPF, and often use the customer's custom tracking link domain. Same threat actor based on IOCs, but changing domains every few days.

Here are some public reports as of September 2024:
https://www.reddit.com/r/sysadmin/comments/1eyjz6c/sendgrid_phishing_campaigns/
https://www.reddit.com/r/SendGrid/comments/1fcxlkc/notice_from_sendgrid_about_logins_from_around/
https://www.reddit.com/r/Scams/comments/1f1yosu/brivity_multiple_emails_now/

"New MMS message to download" from random number.

My first thought: Is this a hacking attempt?
Moments later: Oh, no, probably a political campaign text.
Another moment later: But what if it's a hacking attempt disguised as a political campaign text?!

(Zero day exploits through images have wrecked my paranoid mind.)

Gemini: "Facing a crisis: I'm in deep trouble"

I have not laughed so hard at an AI response in a while.

It's a very accurate assessment of the situation, though. It's struggling with Blink code I need to get a PoC working.

If the U.S. government doesn't know what legal authority they used to blow up a boat, maybe consider the possibility they didn't have legal authority and are now trying to cover their asses.

Although unsurprising, it's another example of irresponsible planning of critical actions at the highest levels of government. Yet somehow they're getting almost no real pushback on unlawful actions within the executive branch or from other branches of government.

https://www.nytimes.com/2025/09/03/us/politics/hegseth-venezuela-drug-strike.html?unlocked_article_code=1.jU8.Orqh.i45kTmP1Uidp&smid=url-share (gift link)

Doing some Chromium shenanigans with agentmellow
Me for the past few days digging through Chromium source code. A few dozen tabs open to crsrc.org/c and crbug.com, pulling at several threads for different vulns, tracing multiple code paths across probably hundreds of files.