Skip to content
  • Active
  • Severity: High
  • Trojans
  • Windows
  • Verified · Jul 2021

How to remove SendGrid email scam

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Linas Kiguolis · Expert in social media

SendGrid's name used to steal user credentials

Fake SendGrid phishing email link

SendGrid is a legitimate marketing platform that is used by many website developers to monetize their content. In order to operate successfully, users need to create an account on the official website and register their credentials. Cybercriminals now came up with an idea to use the company's name to trick already existing users into accessing malicious links that lead to spoofing websites, where they are asked to enter their login information.

Once that is done, malicious actors manage to get user login details without problems and then hijack the official account. This information can be later used to be sold online on hacking forums, for illegitimate purchases, or for further phishing[1] attempts. Without a doubt, this social engineering attack can cause significant damage to the user.

If you have received an email from SendGrid that doesn't seem right – ignore it immediately. If you have already clicked on malicious links, entered your information, or downloaded something on your system, make sure you remediate the situation as per the instructions we provide below.

Name SendGrid email scam
Type Email scam
Distribution Spam emails sent en masse
Related domain krebs-sucks.com
Dangers Sensitive information leak to cybercriminals, further phishing attacks, identity theft, malware infection, etc.
Detection Always pay attention to the URL address of the domain – it is one of the main giveaways the the sate is fake
Remediation Change all your personal account passwords, scan your system with SpyHunterCombo Cleaner or another reputable anti-malware
System fix If you had malware installed on your system, we recommend you use FortectIntego repair tool to fix virus damage automatically, avoiding the reinstallation of Windows

The contents of the email and scam techniques

It is not a secret that cybercriminals create scams in order to gain maximum benefit from the attack. Therefore, malware is commonly used along with phishing. In fact, some of the most prominent malware, such as Moqs ransomware, is spread with the help of fake installers on various torrent sites,[2] where people are tricked into believing that they are downloading a software crack or a pirated game installer.

Yes, phishing has been around for many years, although it became much more sophisticated over the years. Fake emails barely included any text inside and only came with a malicious attachment or a link. Since then, threat actors have managed to come up with new techniques that are more efficient in convincing users that email is harmless.

Names of popular companies, such as Amazon or Microsoft, are commonly used to mislead victims. In this case, SendGrid is used, although the real company has nothing to do with this scam. Within the email, users are shown the following information:

This email is to notify you that an invoice has been created for your account at
SendGrid, which is due on Wed, 19 Aug 2020 20:35:05 +0000
The Invoice ID is 009334, and is due for the amount of 89.95 dollars.
If you have a credit card on file with us, this invoice will automatically be billed on Wed, 19 Aug 2020 20:35:05 +0000

You may login anytime to make a manual payment at:

Invoice ID – Login

We are available 24/7. If you have any questions, comments, or concerns, please do not hesitate to contact us.

This is an automated alert for your SendGrid account with the username . Manage your alert settings.

:copyright: SendGrid Inc.
1801 California St.
Suite 500, Denver, CO 80202 USA

Since you're a SendGrind customer, we send you emails from time to time with product updates, webinar invites, onboarding help, and im portant info about your account. You can find out more about how we process personal data in our Priv acy Policy. If you no longer wish to receive these emails, you can unsubscribe.

Not only cybercriminals are misusing the name of a well-known marketing company, but they are also trying to create a sense of urgency – this is one of the most used tricks in social engineering attacks. In this case, people are tricked into believing that their accounts will be billed automatically.

Naturally, many people would not know anything about any invoice, hence trying to log into the account and see what is happening. As soon as they click on a link that apparently should lead to a login page, they will be redirected to the krebs-sucks.com website instead.

The malicious website

Unfortunately, not many users pay close attention to the web address bar, and they might not notice that it is fake. The contents of the page look very convincing, however – there is a company's logo and login field that looks legitimate. However, the SendGrid email scam should not be trusted.

How to fix your account and leaked password

Once the credentials are entered, they are delivered to cybercriminals. Even if you realized that the page is fake, your credentials are already leaked, and you should take action immediately. In order to resolve the situation, you should immediately change your login password for every account that it is used on.

If you can no longer access your account, you should contact SendGrid via their official email or a support line and explain what happened – the support staff should help you immediately.

Note that you should never use the same password for multiple accounts and preferably rely on a password manager or browser-offered strong passwords. Enabling two-factor authentication[3] can also be one of the best ways to protect your online account from theft.

If you downloaded any malicious files…

As previously mentioned, by accessing your credentials, hackers might be able to get into your other accounts. In fact, they might also connect to your Windows remotely and plant malware manually. Additionally, if you have clicked on malicious links via a phishing email, it might trigger a chain of events where malware would be downloaded and installed automatically without your knowledge.

Therefore, it is important to perform a full system scan with powerful anti-malware – we recommend using SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. While in most cases, the scan can be performed without problems, sometimes a virus can terminate any processes related to cybersecurity software. In such a case, accessing Safe Mode with Networking and performing a scan from there would resolve the situation:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.Windows XP/7

Windows 10 / Windows 8

  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.Update & Security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.Recovery
  6. Select Troubleshoot.Choose an option
  7. Go to Advanced options.Advanced options
  8. Select Startup Settings.Startup settings
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.Press F5 to enable Safe Mode with Networking

Once inside the Safe Mode, launch the security app and perform a system-wide scan. It should be able to find all the malicious files and remove the SendGrid email virus automatically.

It is also important to note that, once the elimination process is complete, it might not be the end of troubles. Malware such as Cometer or ZeroAccess can seriously damage Windows system files, making the OS crash or prevent normal functions from working correctly (such as the Task Manager, for example). 

In order to remediate your system from this damage, we recommend you perform a full system scan with a PC repair tool:

  • Download FortectIntego installer
  • Click on ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.