Email security , Cloud Security , Identity Amazon SES abused for sophisticated phishing attacks May 5, 2026 Share By SC Staff (Adobe Stock) The Amazon Simple Email Service (SES) is increasingly being abused to distribute convincing phishing emails that can bypass standard security filters and render reputation-based blocking ineffective. This surge in abuse is likely due to a significant number of exposed AWS Identity and Access Management access keys found in public repositories, based on information published by Bleeping Computer. Attackers are leveraging Amazon SES, a legitimate and trusted service, to send malicious emails that bypass authentication checks like SPF, DKIM, and DMARC. Kaspersky researchers believe the primary driver for this abuse is the widespread exposure of AWS credentials in public assets such as GitHub repositories, .ENV files, and S3 buckets. Threat actors use automated tools like TruffleHog to scan for these leaked secrets, validate permissions, and then distribute a massive volume of phishing messages. The phishing campaigns are sophisticated, using custom HTML templates that mimic legitimate services like DocuSign and employing realistic login flows. They also include advanced business email compromise (BEC) attacks, fabricating email threads and fake invoices to trick finance departments. Blocking the offending IP addresses is not a viable solution, as it would disrupt all legitimate emails sent via Amazon SES. Kaspersky recommends implementing least privilege IAM permissions, multi-factor authentication, regular key rotation, and IP-based access restrictions to mitigate these threats. "If anyone suspects that AWS resources are being used for abusive activity, they can report it to AWS Trust & Safety," said an AWS spokesperson in a statement to Bleeping Computer. Amazon said it quickly responds and takes appropriate action on reports of potential violations of its terms of service and referred to its guidance on protecting AWS accounts from unauthorized access. Source: Bleeping Computer An In-Depth Guide to Cloud Security Get essential knowledge and practical strategies to fortify your cloud security. Learn More SC Staff Related Email security Commercial spam and phishing attacks increasingly leverage trusted platforms SC Staff May 1, 2026 Commercial spam now constitutes 46% of all spam globally, with a significant portion originating from compromised accounts and free email services, according to VIPRE Security Group's Q1 2026 Email Threat Trends Report. Threat Management Microsoft: QR code, CAPTCHA-gated phishing more than double in Q1 2026 Laura French May 1, 2026 The company detected about 8.3 billion email-based phishing threats between January and March. Phishing Robinhood account creation flaw exploited for phishing emails SC Staff April 28, 2026 Attackers abused a flaw in Robinhood's onboarding process, allowing them to inject HTML into account confirmation emails. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Biometrics Bring Your Own Device (BYOD) Certificate-Based Authentication Challenge-Handshake Authentication Protocol (CHAP) Cloud Computing Digest Authentication Email Spoofing Post Office Protocol, Version 3 (POP3) Spam Store-and-Forward You can skip this ad in 5 seconds