SendGrid isn’t emailing about ICE or BLM – it’s a phishing attack

https://news.ycombinator.com/rss Hits: 4
Summary

For the past several months, I’ve been receiving and then ignoring a steady stream of concerning emails from SendGrid, the popular email delivery service owned by Twilio that I use for sending emails from Breadwinner. I’d see some weird API error notification, log in to my SendGrid account, check everything is working properly, and then delete the email. I didn’t pay too close attention to them until I saw a couple very strange ones. Today, I received this one implying SendGrid was going to be adding a “Support ICE” button to all emails sent through their platform:

If you’ve been paying any attention at all to US politics, you’ll know how insidiously provocative this would be if it were a real email.

But it isn’t. It’s a phishing email. If you use SendGrid, or have ever used it, you might be getting these too.

This phishing campaign is a fascinating example of how sophisticated social engineering has become. Instead of Nigerian 419 scams, hackers have evolved to carefully craft messages sent to professionals that are designed to exploit the American political consciousness.

The opt-out buttons are the trap.

The Attack

Here’s how it works: hackers compromise SendGrid customer accounts (through credential stuffing, password reuse, the usual methods). Once they have access, they can send emails through SendGrid’s infrastructure, which means the emails pass all the standard authentication checks (SPF, DKIM) that your spam filter uses to determine legitimacy.
The emails look real because, technically, they are real SendGrid emails sent via SendGrid’s platform and via a customer’s reputation – they’re just sent by the wrong people and wrong domains.

They’re likely using a list of SendGrid customers so they can target this to only people who have used the service before.

Security researchers at Netcraft dubbed this “Phishception” back in 2024: attackers using SendGrid to phish SendGrid users, creating a self-perpetuating cycle where each compromised account can be used to compromi...
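Because these messages pass SPF and DKIM, a receiving-side check has to ask which domain authenticated rather than whether authentication passed. The following is an added example, not code from the original post: it flags mail that names the brand in its display name or subject while the From and DKIM domains belong to someone else. The `BRAND_DOMAINS` list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the genuine vendor mails from; replace with the vendor's published list.
BRAND_DOMAINS = {"sendgrid.com", "twilio.com"}
BRAND_RE = re.compile(r"sendgrid|twilio", re.I)

def in_brand(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def assess(raw):
    """Flag mail that names the brand but authenticates as some other domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Only trust Authentication-Results stamped by your own receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    spf_pass = re.search(r"\bspf=pass\b", auth, re.I) is not None
    dkim_domains = re.findall(r"\bdkim=pass\b[^;]*\bheader\.d=([\w.-]+)", auth, re.I)
    claims_brand = BRAND_RE.search(display + " " + msg.get("Subject", "")) is not None
    aligned = in_brand(from_domain) and any(in_brand(d) for d in dkim_domains)
    return {
        "authenticated": spf_pass and bool(dkim_domains),
        "from_domain": from_domain,
        "claims_brand": claims_brand,
        "suspicious": claims_brand and not aligned,
    }

# Constructed samples: a compromised customer's domain vs. the vendor's own domain.
PHISH = "\n".join([
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=em.shop.example;"
    " dkim=pass header.d=shop.example header.s=s1",
    'From: "SendGrid Notifications" <alerts@shop.example>',
    "Subject: API error on your account",
    "", "Click here to opt out.",
])
LEGIT = "\n".join([
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=sendgrid.com;"
    " dkim=pass header.d=sendgrid.com header.s=s1",
    'From: "SendGrid" <no-reply@sendgrid.com>',
    "Subject: Your invoice",
    "", "Thanks.",
])

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, assess(raw))
```

Both samples come back as authenticated; only the domain comparison separates them, which is why a bare SPF/DKIM pass is not evidence that the named sender wrote the message.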

First seen: 2026-01-09 20:52

Last seen: 2026-01-09 23:52