SendGrid email scam Removal Guide
What is SendGrid email scam?
SendGrid's name used to steal user credentials
Email link directs users to a spoofing site, where, if entered, the credentials are stolen by cybercriminals
SendGrid is a legitimate marketing platform that is used by many website developers to monetize their content. In order to operate successfully, users need to create an account on the official website and register their credentials. Cybercriminals now came up with an idea to use the company's name to trick already existing users into accessing malicious links that lead to spoofing websites, where they are asked to enter their login information.
Once that is done, malicious actors manage to get user login details without problems and then hijack the official account. This information can be later used to be sold online on hacking forums, for illegitimate purchases, or for further phishing attempts. Without a doubt, this social engineering attack can cause significant damage to the user.
If you have received an email from SendGrid that doesn't seem right – ignore it immediately. If you have already clicked on malicious links, entered your information, or downloaded something on your system, make sure you remediate the situation as per the instructions we provide below.
|Name||SendGrid email scam|
|Distribution||Spam emails sent en masse|
|Dangers||Sensitive information leak to cybercriminals, further phishing attacks, identity theft, malware infection, etc.|
|Detection||Always pay attention to the URL address of the domain – it is one of the main giveaways the the sate is fake|
|Remediation||Change all your personal account passwords, scan your system with SpyHunter 5Combo Cleaner or another reputable anti-malware|
|System fix||If you had malware installed on your system, we recommend you use ReimageIntego repair tool to fix virus damage automatically, avoiding the reinstallation of Windows|
The contents of the email and scam techniques
It is not a secret that cybercriminals create scams in order to gain maximum benefit from the attack. Therefore, malware is commonly used along with phishing. In fact, some of the most prominent malware, such as Moqs ransomware, is spread with the help of fake installers on various torrent sites, where people are tricked into believing that they are downloading a software crack or a pirated game installer.
Yes, phishing has been around for many years, although it became much more sophisticated over the years. Fake emails barely included any text inside and only came with a malicious attachment or a link. Since then, threat actors have managed to come up with new techniques that are more efficient in convincing users that email is harmless.
Names of popular companies, such as Amazon or Microsoft, are commonly used to mislead victims. In this case, SendGrid is used, although the real company has nothing to do with this scam. Within the email, users are shown the following information:
This email is to notify you that an invoice has been created for your account at
SendGrid, which is due on Wed, 19 Aug 2020 20:35:05 +0000
The Invoice ID is 009334, and is due for the amount of 89.95 dollars.
If you have a credit card on file with us, this invoice will automatically be billed on Wed, 19 Aug 2020 20:35:05 +0000
You may login anytime to make a manual payment at:
Invoice ID – Login
We are available 24/7. If you have any questions, comments, or concerns, please do not hesitate to contact us.
This is an automated alert for your SendGrid account with the username . Manage your alert settings.
:copyright: SendGrid Inc.
1801 California St.
Suite 500, Denver, CO 80202 USA
Since you're a SendGrind customer, we send you emails from time to time with product updates, webinar invites, onboarding help, and im portant info about your account. You can find out more about how we process personal data in our Priv acy Policy. If you no longer wish to receive these emails, you can unsubscribe.
Not only cybercriminals are misusing the name of a well-known marketing company, but they are also trying to create a sense of urgency – this is one of the most used tricks in social engineering attacks. In this case, people are tricked into believing that their accounts will be billed automatically.
Naturally, many people would not know anything about any invoice, hence trying to log into the account and see what is happening. As soon as they click on a link that apparently should lead to a login page, they will be redirected to the krebs-sucks.com website instead.
Unfortunately, not many users pay close attention to the web address bar, and they might not notice that it is fake. The contents of the page look very convincing, however – there is a company's logo and login field that looks legitimate. However, the SendGrid email scam should not be trusted.
How to fix your account and leaked password
Once the credentials are entered, they are delivered to cybercriminals. Even if you realized that the page is fake, your credentials are already leaked, and you should take action immediately. In order to resolve the situation, you should immediately change your login password for every account that it is used on.
If you can no longer access your account, you should contact SendGrid via their official email or a support line and explain what happened – the support staff should help you immediately.
Note that you should never use the same password for multiple accounts and preferably rely on a password manager or browser-offered strong passwords. Enabling two-factor authentication can also be one of the best ways to protect your online account from theft.
If you downloaded any malicious files…
As previously mentioned, by accessing your credentials, hackers might be able to get into your other accounts. In fact, they might also connect to your Windows remotely and plant malware manually. Additionally, if you have clicked on malicious links via a phishing email, it might trigger a chain of events where malware would be downloaded and installed automatically without your knowledge.
Therefore, it is important to perform a full system scan with powerful anti-malware – we recommend using SpyHunter 5Combo Cleaner or Malwarebytes. While in most cases, the scan can be performed without problems, sometimes a virus can terminate any processes related to cybersecurity software. In such a case, accessing Safe Mode with Networking and performing a scan from there would resolve the situation:
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Click Restart.
- Press 5 or click 5) Enable Safe Mode with Networking.
Once inside the Safe Mode, launch the security app and perform a system-wide scan. It should be able to find all the malicious files and remove the SendGrid email virus automatically.
It is also important to note that, once the elimination process is complete, it might not be the end of troubles. Malware such as Cometer or ZeroAccess can seriously damage Windows system files, making the OS crash or prevent normal functions from working correctly (such as the Task Manager, for example).
In order to remediate your system from this damage, we recommend you perform a full system scan with a PC repair tool:
- Download ReimageIntego installer
- Click on ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
How to prevent from getting trojans
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.