Scam Watch

How to recognize Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing?

TLDR

Attackers abuse Amazon's legitimate email infrastructure (SES) to send phishing that bypasses security filters. Emails pass SPF, DKIM, and DMARC checks, and URLs show trusted 'amazonaws.com' domains before redirecting to credential...

Warning signs

  • Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in
  • Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks
  • BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

What to do

  1. Never enter credentials from email links; navigate directly to the service's official website instead
  2. For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender
  3. Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale
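Step 3 in practice, as an added example that is not code from the Securelist report or from the Mythos/LegalAudit team: a small Python scanner that walks a checked-out repository and flags committed AWS access key IDs and secret access keys. The key formats, the variable-name heuristic and the sample config are my own assumptions and constructed input.

```python
import re
from pathlib import Path

# Hypothetical repository scanner, added as an example; not code from the
# Securelist report or from the Mythos/LegalAudit team.
# Long-term AWS access key IDs are "AKIA" + 16 base32 characters; temporary
# STS key IDs use the "ASIA" prefix. Both are flagged.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z2-7]{16}\b")
# A secret access key is 40 base64-like characters. Requiring the variable
# name next to it keeps unrelated 40-character strings out of the report.
SECRET_KEY = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def mask(secret: str) -> str:
    """Keep only the first and last 4 characters so the finding itself does not leak the secret."""
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]

def scan_text(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, kind, value) for every suspected AWS credential in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((no, "access_key_id", m.group(0)))
        for m in SECRET_KEY.finditer(line):
            findings.append((no, "secret_access_key", mask(m.group(1))))
    return findings

def scan_repo(root: str) -> list[tuple[str, int, str, str]]:
    """Walk a checked-out repository and scan every regular file as text."""
    results = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or ".git" in path.parts:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        results += [(str(path), *f) for f in scan_text(text)]
    return results

# Constructed sample of a leaked config file. These are AWS's documented
# placeholder credentials, not real keys.
SAMPLE = """\
# service config accidentally committed
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
"""

if __name__ == "__main__":
    for no, kind, value in scan_text(SAMPLE):
        print(f"sample:{no}: {kind} {value}")
```

Run it against a real checkout with `scan_repo("path/to/repo")`; any hit should be treated as a key to rotate, not just a finding to close.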

Source

securelist

Source verified by Mythos Forensic Team

https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/

FAQ

Is Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing a real scam?

Yes. Treat the message, call or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in; Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks; BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

What should I do first?

Never enter credentials from email links — navigate directly to the service's official website instead; For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender; Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale

Can LegalAudit review my case?

Yes. Open the free chat and paste the message, link, sender or payment details for triage.