Inside SendGrid's phishy business. [Research Saturday]
CyberWire Daily
00:00
Sophisticated Phishing Tactics Utilizing SendGrid
The chapter explores advanced cloaking techniques in phishing attacks, including utilizing AES encryption, JavaScript obfuscation, and mimicking legitimate websites like SendGrid's login page. It discusses a unique method where attackers validate stolen credentials in real-time using the legitimate SendGrid API, evading traditional detection methods. The chapter also examines the theft of multifactor authentication tokens and session tokens, outlining potential motives for hackers accessing SendGrid accounts for further credential harvesting and malicious activities.
Play episode from 14:49
Transcript
