This happened yesterday:

Screenshot of an email, allegedly from Sendgrid
Download

Screenshot of an email, allegedly from Sendgrid

The first give away is the sender, sendgrid@autovitalsinc.com. Not Sengrid. Now, check the URL on the link provided to check the account activity:

https://u906946.ct.sendgrid.net/ls/click?upn=u001.eXk7eIEvNT22LuyWQ0fseoc5VY1jItvxPoavh2wfNVs292YMzvTAPj5D6nek1U6K7UfW_AsM5Hq3TBeAGlZrT-2F3g23iWCcJRPGZ-2B58DJxpgMgOTjgWklNQiAdGiHqmR6FFVhfWZJhnu1PSRslMuKGg1XNZs5e1lGu8kmdKhv7otlghl6qLMXiiXYZcvaUB5NruWwSBFcLdvi31NY-2Fru5oyrcrugm2iLYA0u5TiufyvA7SNTo3sDHx6WtS-2FmfEyN2svb9k1S4QGRFhuDseidMiFm0f9Q-3D-3D

I was curious, so I follow it on my dedicated VM for these kind of things. It took me to a page looking exactly like a Sendgrid login, with a sendgrid.net URL. Upon entering yourmotherisahamster@gmail.com, as username, and yourfathersmellsofelderberries as password, it sent me to https://screenprank.com/gandalf/.

It was well done. This morning the same link renders a blank page with a “Not found” link that takes you to a 404. Hmm…

⤋ Read More