LEGALAUDIT

Scam Watch

Comment reconnaitre Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing?

En bref

Attackers abuse Amazon's legitimate email infrastructure (SES) to send phishing that bypasses security filters. Emails pass SPF, DKIM, and DMARC checks, and URLs show trusted 'amazonaws.com' domains before redirecting to credential...

Comment ca fonctionne

Attackers abuse Amazon's legitimate email infrastructure (SES) to send phishing that bypasses security filters. Emails pass SPF, DKIM, and DMARC checks, and URLs show trusted 'amazonaws.com' domains before redirecting to credential...

Signaux d'alerte

  • Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in
  • Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks
  • BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

Que faire

  1. 1Never enter credentials from email links — navigate directly to the service's official website instead
  2. 2For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender
  3. 3Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale

Source

securelist

Source verifiee par Mythos Forensic Team

https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/

FAQ

Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing est une vraie arnaque ?

Oui. Traitez le message, l'appel ou la demande de paiement comme suspect jusqu'a verification via un canal officiel.

Quels sont les premiers signaux ?

Unexpected document signing requests (Docusign style) arrive via email, asking you to click and log in; Login forms hosted on amazonaws.com URLs, designed to look trustworthy and bypass URL checks; BEC emails impersonate colleagues or vendors, quoting fake internal conversations about urgent invoice payments

Que faire en premier ?

Never enter credentials from email links — navigate directly to the service's official website instead; For urgent payment or document requests, verify via a separate channel (phone/call) with the supposed sender; Monitor for exposed AWS IAM keys in your repositories; attackers harvest these to launch phishing campaigns at scale

LegalAudit peut-il verifier mon cas ?

Oui. Lancez le chat gratuit et collez le message, le lien, l'expediteur ou les details de paiement.