Signal

Phishing campaigns increasingly exploit legitimate email services for sophisticated attacks

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-04 10:00 UTCUpdated 2026-05-04 15:00 UTC

rss

phishingemail_securitycredential_theftsocial_engineeringcloud_security

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Security Blog · News · microsoft.com · 2026-05-04 15:00 UTC

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Securelist (Kaspersky) · News · securelist.com · 2026-05-04 10:00 UTC

limited source diversity in top sources

View all evidence

Overview

Recent phishing campaigns have demonstrated growing sophistication by leveraging legitimate email infrastructure to bypass security measures.

Entities

MicrosoftAmazonKasperskyMicrosoft DefenderRoman Dedenok

Score total

0.98

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent campaigns show increased use of legitimate infrastructure for phishing.
Attackers refine tactics to evade evolving security controls.
Awareness is critical as these methods target large user populations globally.

Why it matters

Phishing attacks leveraging trusted email services are harder to detect and block.
Multi-stage social engineering increases the likelihood of credential theft.
Abuse of cloud email platforms like Amazon SES challenges existing email security protocols.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Phishing campaigns are increasingly using legitimate email services to bypass security controls.
Attackers use multi-stage social engineering and polished email templates to increase phishing credibility and evade detection.
Amazon SES is abused by attackers to send authenticated phishing emails that pass SPF, DKIM, and DMARC checks, making detection difficult.

How sources frame it

Microsoft Defender Security Research Team: neutral
Roman Dedenok / Kaspersky Securelist: neutral

This briefing highlights the growing trend of phishing campaigns exploiting legitimate email services and sophisticated social engineering to bypass security controls and steal credentials.

All evidence

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Security Blog · microsoft.com · 2026-05-04 15:00 UTC

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Securelist (Kaspersky) · securelist.com · 2026-05-04 10:00 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

Microsoft Security Blog (1)
Securelist (Kaspersky) (1)

Top origin domains (this list)

microsoft.com (1)
securelist.com (1)