Threat Actors Sent Malicious Emails Using Google SMTP Relay Service

Cybercriminals conducting phishing attacks are now taking advantage of Google's SMTP relay service to get around email security software and successfully deliver malicious email messages to their victims.

A report from email security company Avanan shows that there has been a sharp increase in cybercriminals exploiting Google’s SMTP relay service since April 2022. According to the firm, this strategy was used to distribute at least 30,000 emails in the first two weeks of April.

What Is Google SMTP Relay Service?

Google provides an SMTP (Simple Mail Transfer Protocol) relay service that Gmail and Google Workspace users can utilize to send outgoing email messages.

Organizations everywhere use this service for different reasons, ranging from not having to manage an external mail server to sending marketing emails through it so that their own mail server is not added to a block list.

How Does The Attack Happen?

According to the email security firm, cybercriminals can spoof other Gmail tenants using Google’s SMTP relay service without being noticed if those domains don’t have a DMARC policy configured with the ‘reject’ directive.
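To check for the condition described above from the defender's side, the following added example (not code from Avanan or the original article) parses DMARC TXT records and lists the domains whose policy is not a fully applied 'reject'. The domains, records and function names are constructed for illustration.

```python
# Added example: classify DMARC TXT records by how strictly they are enforced.
# All domains and records below are constructed samples.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    # The version tag must come first and must be exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:  # skip malformed tags that have no "="
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def enforcement(txt):
    """Classify what receivers are asked to do with mail that fails DMARC."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no-policy"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid-policy"
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100
    if policy == "reject":
        return "reject" if pct >= 100 else "partial-reject"
    return policy

def not_enforcing_reject(records):
    """Domains whose DMARC record does not apply 'reject' to all failing mail."""
    return sorted(d for d, txt in records.items() if enforcement(txt) != "reject")

SAMPLE = {  # constructed TXT values as published at _dmarc.<domain>
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
    "example.org": "v=DMARC1; p=reject; pct=25",
    "example.edu": "v=spf1 include:_spf.example.edu ~all",  # SPF, not DMARC
    "example.info": None,  # no TXT record published
}

if __name__ == "__main__":
    for domain, txt in SAMPLE.items():
        print(f"{domain:14} {enforcement(txt)}")
```
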

DMARC (short for Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol developed to provide email domain owners with the capability to

Read More: https://heimdalsecurity.com/blog/threat-actors-sent-malicious-emails-using-google-smtp-relay-service/