{"id":3589,"date":"2018-08-24T00:25:59","date_gmt":"2018-08-24T00:25:59","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3589"},"modified":"2018-08-24T00:25:59","modified_gmt":"2018-08-24T00:25:59","slug":"phishing-emails-now-using-sendgrid-for-url-rewrites","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/phishing-emails-now-using-sendgrid-for-url-rewrites","title":{"rendered":"Phishing Emails now using SendGrid for URL ReWrites"},"content":{"rendered":"<p>I recently had a user receive an email that got past multiple spam protections. The issue was that the sender had actually been hacked, and they were using his email service to spam all his contacts with the message below:<\/p><p style=\"padding-left: 30px;\"><br \/><em>I have been trying to send you this file, but it failed with attaching them to my email. I managed to upload them here. The document is password protected for confidentiality. You may be required to sign in to view.<\/em><br \/><br \/><em>View Here &lt;<a href=\"https:\/\/protect-au.mimecast.com\/s\/XpIZCMwvM2c2DNQHwIqAQ?domain=u8062662.ct.sendgrid.net\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\">https:\/\/u8062662.ct.sendgrid.net\/wf\/click?upn=wZQTK0j1og7ZpMJhH8Ud1KVnbiPHM9y73Xakn2Kz-2FW3NjeIbG2SHvoQBr-2FU18gy0sWZ8XmNWnZXVIwYoPeDbMdKFtXGpU-2FkCKJt7n9ht0-2Bc-3D_5kx02phTxyE6nAkdmbPR-2BLnKNuh-2FMh-2Fnzaqek3PlNNGNn5K7iZReVzccFSICLkn2TWbvJrH-2Bw-2BE7xgHn2ty-2B1BSOsEXhaW-2Fe1ryw1S4JCO1SZ5Cc96DNVFrgvKTCexkvDBOvJEZat1Xu3mo-2F-2Bg54FPgHa7ASkej2pIVyR-2BRlCbquUGTUk4YBF0lmrI20ZPDbWrW-2Fob7Pfi5neeYJCNhBDw-2FFhGqmFj4h8u6mNpuZg9g-3D<\/a>&gt;<\/em><\/p><p>&nbsp;<\/p><p>SendGrid is used for mass emails, and people use SendGrid to track clicks. 
This domain is also never going to be blocked or marked as an issue.<\/p><p>The link actually redirects here: https:\/\/beautifulbeanfootage.com\/box\/Login.php?sslchannel=true which is a phishing page pretending to be box.com.<\/p><p>&nbsp;<\/p><p id=\"MGJOGHE\"><img loading=\"lazy\" decoding=\"async\" width=\"2673\" height=\"1429\" class=\"alignnone size-full wp-image-3590  img-responsive\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2018\/08\/img_5b7f5028006b6.png\" alt=\"\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2018\/08\/img_5b7f5028006b6.png 2673w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2018\/08\/img_5b7f5028006b6-300x160.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2018\/08\/img_5b7f5028006b6-768x411.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2018\/08\/img_5b7f5028006b6-1024x547.png 1024w\" sizes=\"auto, (max-width: 2673px) 100vw, 2673px\" \/><\/p>","protected":false},"excerpt":{"rendered":"<p>I recently had a user receive an email that got past multiple spam protections. 
The issue was the sender had actually been hacked and they were using his [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2645,2644],"class_list":["post-3589","post","type-post","status-publish","format-standard","hentry","category-research","tag-phishing","tag-sendgrid"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=3589"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3589\/revisions"}],"predecessor-version":[{"id":3591,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3589\/revisions\/3591"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=3589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=3589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=3589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}