what happens when you ‘click the link’? Part 3 – Reply

In part 2 we identified that the otherwise legitimate service SendGrid was being used as the distribution method for our phishing email. As good neighbours on the Internet we reported the phishing email and included the relevant headers for SendGrid to be able to investigate. After less than 12 hours we received our reply, rather generic in nature (as you might expect) but somewhat reassuring that a tiny chip in the structure of another threat actors network has been eroded away.