Researchers report Amazon SES abused in phishing to evade detection
Publish Date: 2026-05-04 16:03:28
Source Domain: www.bleepingcomputer.com
Cybersecurity firm Kaspersky reports a notable rise in phishing attacks exploiting Amazon’s Simple Email Service (SES).
Kaspersky has observed a surge in phishing emails sent through Amazon SES, which bypass standard security filters and reputation-based blocks due to the service’s legitimacy. This increase correlates with the exposure of numerous AWS Identity and Access Management (IAM) access keys in public repositories and resources. Attackers use these keys to send convincing phishing emails using sophisticated, personalized templates that appear legitimate, targeting both individuals and businesses to steal personal information or financial data. The attackers automate the process of scanning for exposed credentials and validate their access to send large volumes of malicious emails with reduced effort. Kaspersky recommends companies adopt stricter IAM policies, enforce multi-factor authentication, and use encryption controls to mitigate this threat. Amazon has stressed its proactive stance in addressing potential misuse of its resources.
Key Points:
- Phishing attacks via Amazon SES have significantly increased recently.
- Exposed AWS access keys contribute to the phishing rise.
- Attackers use advanced phishing tactics to mimic real services like DocuSign.
- Abuse of Amazon SES evades common protection measures like SPF, DKIM, and DMARC.
- Amazon advises prompt reporting of abusive use of its services.
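
A defender-side sketch of how the credential-validation step described above could be surfaced from CloudTrail logs. This is an added example, not code from Kaspersky's report or the article. The choice of SES API calls treated as probe signals, the allowlist, and all key IDs, user names and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: SES API calls treated as signs of a key being checked for mail access.
SES_PROBE_ACTIONS = {"GetSendQuota", "ListIdentities", "GetAccountSendingEnabled", "GetAccount"}
# Hypothetical allowlist of access keys the mail pipeline is expected to use.
EXPECTED_SES_KEYS = {"AKIAEXAMPLEMAILER001"}

def _ev(source, name, key, user, ip, error=None):
    """Build a constructed CloudTrail record trimmed to the fields used below."""
    rec = {"eventSource": source, "eventName": name, "sourceIPAddress": ip,
           "userIdentity": {"userName": user, "accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample data, not taken from the report.
SAMPLE_EVENTS = [
    _ev("ses.amazonaws.com", "GetSendQuota", "AKIAEXAMPLEMAILER001", "mailer", "198.51.100.10"),
    _ev("ses.amazonaws.com", "GetSendQuota", "AKIAEXAMPLELEAKED001", "ci-deploy", "203.0.113.7"),
    _ev("ses.amazonaws.com", "ListIdentities", "AKIAEXAMPLELEAKED001", "ci-deploy", "203.0.113.7", "AccessDenied"),
    _ev("ses.amazonaws.com", "GetSendQuota", "ASIAEXAMPLETEMP00001", "role-session", "198.51.100.20"),
    _ev("s3.amazonaws.com", "ListBuckets", "AKIAEXAMPLELEAKED001", "ci-deploy", "203.0.113.7"),
]

def find_unexpected_ses_use(events, expected_keys=EXPECTED_SES_KEYS):
    """Flag long-term IAM keys that touch SES but are not known mail senders."""
    per_key = defaultdict(lambda: {"user": None, "actions": set(), "ips": set(), "denied": 0})
    for ev in events:
        ident = ev.get("userIdentity") or {}
        key = ident.get("accessKeyId") or ""
        if ev.get("eventSource") != "ses.amazonaws.com":
            continue
        if ev.get("eventName") not in SES_PROBE_ACTIONS:
            continue
        # AKIA marks a long-term IAM user key, the kind that ends up in repositories;
        # ASIA (temporary STS credentials) is skipped here.
        if not key.startswith("AKIA") or key in expected_keys:
            continue
        stats = per_key[key]
        stats["user"] = ident.get("userName")
        stats["actions"].add(ev["eventName"])
        stats["ips"].add(ev.get("sourceIPAddress", "unknown"))
        if ev.get("errorCode") in ("AccessDenied", "AccessDeniedException"):
            stats["denied"] += 1
    return [{"access_key_id": k, "user": s["user"], "actions": sorted(s["actions"]),
             "source_ips": sorted(s["ips"]), "denied_calls": s["denied"]}
            for k, s in sorted(per_key.items())]

if __name__ == "__main__":
    for finding in find_unexpected_ses_use(SAMPLE_EVENTS):
        print(finding)
```

A key flagged this way is a candidate for rotation and for a tighter IAM policy, in line with the recommendations above.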