LEGALAUDIT

Scam Watch

Wie erkennen Sie Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing?

Kurzfassung

Attackers abuse Amazon's legitimate email infrastructure (SES) to send phishing that bypasses security filters. Emails pass SPF, DKIM, and DMARC checks, and URLs show trusted 'amazonaws.com' domains before redirecting to credential...

Wie es funktioniert

Attackers abuse Amazon's legitimate email infrastructure (SES) to send phishing that bypasses security filters. Emails pass SPF, DKIM, and DMARC checks, and URLs show trusted 'amazonaws.com' domains before redirecting to credential...

Warnzeichen

  • Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in
  • Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks
  • BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

Was tun

  1. 1Never enter credentials from email links — navigate directly to the service's official website instead
  2. 2For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender
  3. 3Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale

Quelle

securelist

Quelle geprueft vom Mythos Forensic Team

https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/

FAQ

Ist Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing ein reales Betrugsmuster?

Ja. Behandeln Sie Nachricht, Anruf oder Zahlungsaufforderung als verdaechtig, bis ein offizieller Kanal sie bestaetigt.

Was sind die ersten Warnzeichen?

Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in; Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks; BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

Was sollte ich zuerst tun?

Never enter credentials from email links — navigate directly to the service's official website instead; For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender; Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale

Kann LegalAudit meinen Fall pruefen?

Ja. Starten Sie den kostenlosen Chat und fuegen Sie Nachricht, Link, Absender oder Zahlungsdaten ein.