In brief
Attackers abuse Amazon's legitimate email infrastructure (Amazon SES) to send phishing that bypasses security filters. The emails pass SPF, DKIM and DMARC checks, and their URLs show trusted amazonaws.com domains before redirecting to credential...
How it works
Attackers first obtain AWS credentials, typically IAM access keys leaked in code repositories, and use them to send mail at scale through Amazon SES, Amazon's legitimate email-sending service. Because the messages are sent through Amazon's own, properly authenticated infrastructure, they pass SPF, DKIM and DMARC checks and get past security filters that rely on those results. The lures are Docusign-style document signing requests and BEC messages that impersonate colleagues or vendors; the links lead to login forms hosted on amazonaws.com URLs, which look trustworthy, slip past URL checks, and capture whatever credentials are entered.
Red flags
- Unexpected document signing requests (Docusign-style) arrive by email and ask you to click through and log in
- Login forms hosted on amazonaws.com URLs, which look trustworthy and slip past URL checks
- BEC emails that impersonate colleagues or vendors and quote fabricated internal conversations about urgent invoice payments
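A small mail triage script that turns the red flags above into checks a mail gateway or an analyst could run. It is an added example, not code from the Securelist article or from Amazon: the two sample messages are constructed here, the domains used (vendor-example.test, victim-example.test, the S3 bucket name) are assumptions, and the keyword list for "document/invoice" lures is a minimal illustration rather than a production rule set. The point it makes is the one the campaign relies on: a message whose Authentication-Results header shows spf, dkim and dmarc all passing is still flagged when its links point at an amazonaws.com host, and the host check uses suffix matching so that a look-alike such as amazonaws.com.evil.test does not count as Amazon-hosted.

```python
"""Triage an .eml: SPF/DKIM/DMARC results plus amazonaws.com-hosted links.

Added example, not from the original article. Sample messages are constructed.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# method=verdict pairs as they appear in an Authentication-Results header
AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|none|softfail|neutral|temperror|permerror)\b", re.I)
# Minimal lure vocabulary for Docusign-style and invoice/payment subjects (assumption)
LURE_RE = re.compile(r"\b(sign|signature|document|invoice|payment)\b", re.I)

# Constructed sample: the lure. All domains and the bucket name are made up.
LURE_EML = b"""From: "Docusign via Vendor" <no-reply@vendor-example.test>
To: finance@victim-example.test
Subject: Please review and sign the attached invoice agreement
Authentication-Results: mx.victim-example.test; spf=pass smtp.mailfrom=vendor-example.test; dkim=pass header.d=vendor-example.test; dmarc=pass header.from=vendor-example.test
Content-Type: text/plain; charset=utf-8

A document is waiting for your signature. Review it here:
https://shared-documents-2024.s3.amazonaws.com/index.html
"""

# Constructed sample: an ordinary internal message that also passes all three checks.
CLEAN_EML = b"""From: alerts@victim-example.test
To: finance@victim-example.test
Subject: Weekly build report
Authentication-Results: mx.victim-example.test; spf=pass smtp.mailfrom=victim-example.test; dkim=pass header.d=victim-example.test; dmarc=pass header.from=victim-example.test
Content-Type: text/plain; charset=utf-8

Report: https://ci.victim-example.test/report/42
"""


def parse_auth_results(msg):
    """Collapse every Authentication-Results header into {method: verdict}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(header):
            results.setdefault(method.lower(), verdict.lower())
    return results


def extract_urls(msg):
    """Collect URLs from all text/plain and text/html parts."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def is_aws_hosted(url):
    """True only for amazonaws.com itself or a real subdomain of it (suffix match)."""
    host = (urlparse(url).hostname or "").lower()
    return host == "amazonaws.com" or host.endswith(".amazonaws.com")


def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    auth = parse_auth_results(msg)
    urls = extract_urls(msg)
    aws_urls = [u for u in urls if is_aws_hosted(u)]
    all_pass = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    lure = bool(LURE_RE.search(msg.get("Subject", "")))
    flags = []
    if aws_urls:
        flags.append("login_link_on_amazonaws")
    if lure:
        flags.append("document_or_payment_lure")
    if all_pass and aws_urls:
        # The campaign's whole trick: passing authentication is not a safety signal.
        flags.append("auth_pass_but_link_on_amazonaws")
    return {"auth": auth, "urls": urls, "aws_urls": aws_urls, "flags": flags,
            "suspicious": bool(aws_urls and lure)}


if __name__ == "__main__":
    for label, raw in (("lure", LURE_EML), ("clean", CLEAN_EML)):
        result = triage(raw)
        print(label, result["auth"], result["flags"], "suspicious:", result["suspicious"])
```

Run it as-is to see both samples scored, or replace the constructed bytes with `open("message.eml", "rb").read()`. The `suspicious` verdict deliberately requires both an amazonaws.com link and a lure-style subject, because many organizations legitimately serve files from S3; the `auth_pass_but_link_on_amazonaws` flag is kept separate so that an analyst can see that the message authenticated cleanly and still treat it as untrusted.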
What to do
1. Never enter credentials from email links; navigate directly to the service's official website instead
2. For urgent payment or document requests, verify through a separate channel (a phone call) with the supposed sender
3. Monitor your repositories for exposed AWS IAM keys; attackers harvest these to launch phishing campaigns at scale
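For step 3, a scanner you can run over a working tree or pipe `git log -p` into, so that keys removed from HEAD but still present in history are caught too. This is an added example, not code from the article; the access key ID format (20 characters starting with AKIA for long-term keys or ASIA for temporary STS keys) and the 40-character secret key format are AWS's public formats, the `SKIP_DIRS` list and the keyword required next to a secret are choices made here to cut noise, and the sample config uses the AWS documentation example key, not a real credential.

```python
"""Scan files or piped text for leaked AWS IAM access keys.

Added example, not from the original article. Sample config is constructed.
Usage: python3 scan_keys.py [DIR]        (defaults to the current directory)
       git log -p | python3 scan_keys.py -   (scan commit history from stdin)
"""
import os
import re
import sys

# Long-term access key IDs start with AKIA, temporary (STS) ones with ASIA; 20 chars total.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret keys are 40 base64-style characters. Alone that matches too much (hashes,
# tokens), so require a "secret" keyword shortly before it on the same line (assumption).
SECRET_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret)\W{0,5}([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
# Directories skipped when walking a tree (assumption; .git objects are compressed,
# so history is scanned via `git log -p` on stdin instead).
SKIP_DIRS = {".git", "node_modules", "venv", ".venv", "__pycache__"}

# Constructed sample using the AWS documentation example credentials (not live keys).
SAMPLE_CONFIG = """# constructed sample, not a real credential
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
"""


def mask(value):
    """Never echo a full key into logs or CI output; keep just enough to identify it."""
    return value[:4] + "..." + value[-4:]


def scan_text(text, label="<stdin>"):
    """Return one finding per access key ID or keyword-adjacent secret in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"file": label, "line": lineno,
                             "kind": "access_key_id", "value": mask(m.group(1))})
        for m in SECRET_RE.finditer(line):
            findings.append({"file": label, "line": lineno,
                             "kind": "secret_access_key", "value": mask(m.group(1))})
    return findings


def scan_tree(root):
    """Walk a directory, skipping SKIP_DIRS, and scan every readable file as text."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), path))
            except OSError:
                continue
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_text(sys.stdin.read(), "<stdin>") if target == "-" else scan_tree(target)
    for f in found:
        print(f"{f['file']}:{f['line']}: {f['kind']} {f['value']}")
    # Non-zero exit so a CI job fails when a key is committed.
    sys.exit(1 if found else 0)
```

Findings are masked before printing so the scanner itself does not leak the key into build logs. Any key it reports should be treated as compromised and rotated in IAM rather than merely deleted from the repository, since the history still holds it.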
Source
Securelist
Source verified by Mythos Forensic Team
https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/
FAQ
Is "Fake Document Alerts and BEC: Amazon SES Weaponized for Phishing" a real scam?
Yes. Treat messages, calls or payment requests as suspect until you have verified them through an official channel.
What are the first warning signs?
Unexpected document signing requests (Docusign-style) arrive by email and ask you to click through and log in; login forms are hosted on amazonaws.com URLs, which look trustworthy and slip past URL checks; BEC emails impersonate colleagues or vendors and quote fabricated internal conversations about urgent invoice payments.
What should I do right away?
Never enter credentials from email links; navigate directly to the service's official website instead. For urgent payment or document requests, verify through a separate channel (a phone call) with the supposed sender. Monitor your repositories for exposed AWS IAM keys; attackers harvest these to launch phishing campaigns at scale.
Can LegalAudit check my case?
Yes. Open the free chat and paste the message, link, sender or payment details for a triage.