• Home
• Fin tech

 Kaspersky researchers have detected a sophisticated surge in Business Email Compromise (BEC) and phishing attacks leveraging the Amazon Simple Email Service (Amazon SES). The threat involves attackers exploiting leaked AWS Identity and Access Management (IAM) keys—often found in public repositories or unsecured cloud storage—to send fraudulent emails through Amazon’s legitimate cloud infrastructure.

By utilizing high-reputation IP addresses and official domains such as amazonses.com, these malicious emails effectively bypass traditional spam filters and secure email gateways. Kaspersky highlights that the primary danger lies in the inherent trust associated with Amazon’s servers, making it nearly impossible for automated systems to distinguish between a legitimate password reset and a spear-phishing attempt. Security teams are urged to implement stricter IAM key rotation policies and enhance monitoring for anomalous SES activity.