Connect with us


Fraudsters using legacy Sendgrid services to carry out HMRC phishing scam




Online fraudsters are leveraging legacy Sendgrid accounts to enable their phishing emails to bypass spam filters and email security solutions in an attempt to dupe people into sharing their personal and financial information.

Sendgrid is a popular could-based email marketing solution, allowing individuals and organisations to send out bulk marketing emails, shipping notifications, and newsletters to a large number of recipients without having to own an email server. Owned by Twilio, Sendgrid also allows its users to send SMS, voice, and push notifications to recipients as well.

According to a security researcher who spoke to Bleeping Computer recently, fraudsters are now carrying out a highly-effective phishing campaign that involves the use of malicious domains that spoof those of the HMRC and Gov.UK and the use of legacy Sendgrid accounts to bypass spam filters and email security solutions.

Fraudsters are using malicious domains, that look very much like the HMRC and Gov.UK websites, to ask people to fill in their personal and financial information in forms in order to benefit from various government schemes such as the Self-Employment Income Support Scheme.

Information requested via these domain-spoofing websites includes the names, dates of birth, addresses, driving license numbers, driving license issue and expiry dates, national insurance numbers, passport numbers, and expiry dates, and Unique Taxpayer Reference (UTR) numbers of targeted victims.

Links to these fake domains are included within well-curated phishing emails that appear to come from the HMRC itself. According to the security researcher, these phishing emails are finding their way into people’s inboxes because fraudsters are using legacy Sendgrid accounts to bypass spam filters and email security solutions.

See also  A Beginner’s Guide to Email Marketing

“In this specific case HMRC has a good DMARC record that makes most recipients to just junk them, but when [scammers] spoof other domains that actually have sendgrid in SPF/DMARC it’s much worse.

“To deliver this HMRC phishing campaign to their victims, the attackers spoofed the From email field with the tax collector’s outgoing email address: Because the scammers are using SendGrid’s delivery infrastructure, these emails “went straight through many mail filters,” the researcher said.

When contacted about the HMRC phishing scam, Twilio, the parent company of Sendgrid, said it is aware of the incident and is taking steps to investigate and resolve the problem.


“It is always regrettable when an individual or organisation is the victim of a phishing attack. As a best practice, we encourage users on our platform to take advantage of existing security controls to protect their accounts, such as using 2FA and IP Access Management, and encourage email senders to take full advantage of email authentication technologies to protect their domains from spoofing,” it added.

ALSO READ: 93% of global airlines leaving travellers vulnerable to email fraud

Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.

Copyright Lyonsdown Limited 2020

Read More


Best Email Marketing Practices to Generate Leads




Have you implemented email marketing in your digital strategy? If you answered no, now is the time to do so.

There are many new and innovative ways to market to your target audience, however, email marketing remains one of the most reliable and effective ways to generate leads. With the right strategy in place, you will be able to convert prospects into paying customers who truly value your brand. 

In this guide, our expert digital team at Bold x Collective discusses everything you need to know about email marketing, as well as some of the best practices that will help your business generate leads!

To preface, you always need to ensure that you do not buy into email lists. Doing so will result in prospects moving your content into the trash or ending up in their spam folders.

This also eliminates prospects’ free will of being able to opt in to emails. This starts the brand-to-customer relationship on a bad note and will result in a higher rate of opt-outs for emails. And not to mention… it is illegal!

Once you have a curated list of prospects that were gained organically through website traffic and membership sign up’s, you can move on to the next step of optimizing your email list by lead scoring. This tactic will filter which prospects are opening your emails, and which ones are worth putting more effort into.

By putting together this new refined list of prospects, your brand will be able to obtain higher conversion rates and a greater return on investment as your efforts are being focused on where it matters most. 


Now that you’ve organized an optimized list of prospects, it’s time to create the actual email. There are many tactics you can use when drafting an email, but these are some of my favorites that will really allow your email to stand out in your prospect’s inbox. 

  • Name the offer in the subject line, in a fun, intriguing way that will make your viewer interested!
  • Keep the main message and call to action above the fold.
  • Include a personalized touch by adding your name and having a sign-off; viewers love it.
  • Have a clean and concise email – no one likes too much content at one time!
See also  The Quickest Ways to Become an Email Marketing Fool

First off, having your offer, promotion or main announcement in the subject line is more likely to grab the attention of the reader as it gets straight to the point and gives them an immediate reason to look for more details. For example, when the subject line states “25% off the ENTIRE site”.

This line introduces an incentive that will be received if you choose to purchase with them, ultimately decreasing their opportunity cost. This will create the feeling of “FOMO”. Fear of missing out and entice readers to browse your website and shop. 

Along with this strategy, it is also beneficial to keep the main message of the email and call to action so that readers can see it at first glance. This means the information they first receive upon viewing the email and upon opening it without having to scroll down.

Not everyone opens every email they get and will often only view the text that shows above the fold. If that text is intriguing enough, they will seek to learn more. So now you have your readers’ attention, the contents of the email above the fold are what is going to keep their attention and be the driving source of whether they become paying customers.

This study was done on users’ scrolling and attention spans tell them that nearly 57% of users’ page-viewing time is above the fold (information that is visible without scrolling).

Therefore, they can use this information to their advantage by making sure the most important details are included above this fold. 

See also  Hot or Not: Email Marketing Trends for 2021

Now that you’ve figured out where to put the most relevant information, let’s get into elements to include in your email content that makes it effective. My personal recommendation would be to include personalized touches such as a personalized greeting and signature sign-off.

A greeting with the contact’s name helps to grab their attention right away as they are being addressed personally. In addition to a personalized greeting, having a signature sign-off that shows the reader that there is a real person on the other end, adds to the level of authenticity that it comes across.


The more of a connection the customer creates with the brand, the more purchasing power they will have. How do they create a connection? With authenticity! 

My last tip, a very simple one, but crucial… is to keep your email clean and concise. No one wants to spend longer than they must, to read an email.

It’s important to keep things looking visually appealing, straight to the point, and summarized in an intriguing and digestible way.

By doing this, you are allowing prospects to gather just what they need to move forward with the buying process. So don’t overthink it, quality is always better than quantity!

To start your journey with email marketing, here are some of their favorite email marketing apps at Bold x Collective:

  1. Privy
  2. Mailchimp
  3. Klaviyo
  4. Active campaign

And while you’re at it, check out Bold x Collective’s blog on how you can get email marketing started for your business! Need some extra guidance and assistance with your email marketing channels? Contact their team to receive a complimentary consultation!

See also  The Best Email Software For You

Source link

Continue Reading

Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address