Experts warn Amazon’s Simple Email Service is being abused to launch ‘massive volume’ of phishing attacks
- Attackers are hijacking exposed AWS credentials to send large‑scale phishing emails via Amazon SES
- Malicious messages bypass SPF, DKIM, and DMARC checks, landing directly in inboxes
- Researchers warn the trend is growing, urging stricter IAM practices and key management
The Amazon Simple Email Service (SES) is being abused to launch a “massive volume” of phishing attacks which easily bypass current defenses and expose victims to risks of credential and identity theft.
Security researchers Kaspersky sounded the alarm in a new report which noted, “Specifically, we’ve recently observed an uptick in phishing attacks leveraging Amazon SES.”
The attackers start by stealing exposed AWS credentials. By using TruffleHog (or similar utilities), they scan GitHub repositories, .ENV files, Docker images, backups, and publicly accessible S3 buckets at scale, looking for login credentials for Amazon Web Services.
Article continues below
Passing all of the checks
Once found, they analyze permissions and email distribution capabilities: “After verifying the key’s permissions and email sending limits, attackers are equipped to spread a massive volume of phishing messages,” Kaspersky said.
The messages are carefully crafted, containing custom HTML templates that imitate legitimate services, and highly realistic login flows. The themes vary, from fake DocuSign documents, to Business Email Compromise (BEC) campaigns.
Being a legitimate service itself, Amazon SES allows the attackers’ emails to clear authentication checks such as SPF, DKIM, and DMARC protocols, landing the malicious messages directly into people’s inboxes. Furthermore, blocking by IP also doesn’t work, since it would ban all emails coming from Amazon SES.
“Phishing via Amazon SES is shifting from isolated incidents into a steady trend,” Kaspersky warned. “By weaponizing this service, attackers avoid the effort of building dubious domains and mail infrastructure from scratch. Instead, they hijack existing access keys to gain the ability to blast out thousands of phishing emails.”
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To mitigate the risks, Kaspersky recommends users implement the principle of least privilege when configuring IAM access. They also recommend transitioning from IAM access keys to roles when configuring AWS, and enabling multi-factor authentication.
IP-based access restrictions should be configured, as well as automated key rotation. Finally, users should use the AWS KEy Management Service to encrypt data and manage keys from a centralized location.

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Source
Attackers are hijacking exposed AWS credentials to send large‑scale phishing emails via Amazon SES Malicious messages bypass SPF, DKIM, and DMARC checks, landing directly in inboxes Researchers warn the trend is growing, urging stricter IAM practices and key management The Amazon Simple Email Service (SES) is being abused to launch…
Recent Posts
- Dave Eggers told OpenAI staff that ChatGPT was ‘silencing an entire generation’
- France doubles down on restricting access to Polymarket
- Apple has banned home service content on upcoming Maps ads
- Google might not kneecap the Pixel 11a with an old processor
- How to watch France vs England: Free Streams, TV Channels & Kick-Off time for FIFA World Cup 2026 third place play-off
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023