Phishing Attacks Target Email Platform Users

A new wave of phishing attacks is targeting customers of email marketing platforms, aiming to steal their login credentials. Attackers are using emails that mimic official communications, announcing the automatic addition of a 'Support ICE' donation button to all emails sent through the platform.

The strategy aims to exploit users' potential aversion to ICE, prompting them to quickly log in to their accounts to disable this alleged setting. In reality, by clicking on the links in the emails, victims reveal their username and password to hackers.

Examples and Countermeasures

Emma is among the platforms affected, whose clients include Orange Theory, Yale University, and other major institutions. Lisa Mayr, CEO of Marigold (owner of Emma), confirmed that this is a phishing attempt and that the company would never send such communications.

Similar incidents have also occurred with SendGrid users, where phishing emails, in addition to the ICE theme, also proposed adding a banner in support of Black Lives Matter or LGBTQ+ rights.

Fred Benenson, a programmer, pointed out how the sophistication of these campaigns lies in their ability to exploit cultural and political divisions within the United States. The emails appear authentic because, in some cases, they are sent through compromised accounts of other users of the same platform.

The email relating to Emma was sent via Survey Monkey from a counterfeit email address. The link to deactivate the function redirected to a website created specifically to steal user credentials, promptly identified as dangerous by browsers.