Essay - Published: 2026.01.21 | 4 min read (1,226 words)
I've been running HAMY LABS since 2019 and have jumped around to various email hosts over the years. At one point I was using SendGrid.
Starting in 2025.11 I noticed an uptick in emails coming from SendGrid notifying me of errors and account changes. I logged into my SendGrid account to check on things and it was barren as I expected it to be - since I'd stopped using it. I assumed this was some sort of fluke.
This week a new crop of emails came in and I've only just realized that this is all part of a phishing scam - they're not coming from SendGrid at all!
So in this post I want to log the various scam emails I've seen to hopefully help others avoid being tricked by this and provide a few ways to avoid getting phished in general. (Luckily I followed one of these rules so even though I was tricked, I didn't get phished!).
Here I'll show examples of a couple types of phishing emails I got posing as SendGrid. Note these did not actually seem to come from SendGrid the company, they were just faked to look like it.
These emails come in several different forms under the given categories so what you see in your email inbox is likely going to be slightly different than what I saw in mine - these phishing operations often try out lots of different variations to see what actually works on unsuspecting targets.
The most common one I got was a notification of some type of failure. I saw API request failures, migration failures, and authentication failures though there are probably more.
These emails seem to try and show something is broken to create a sense of urgency in me - oh no, I need to fix this now! I didn't follow that link but they're trying to get me to click on one of them and log into some fake portal which will probably log my credentials somewhere they can get access to it.
The branding is well-formed, including the brand marks and street address for the company (not sure if that's the correct street address, but an address is there).
Another version that actually got me to log into SendGrid to see what was happening was a notification about a sub-user being added to my account. This is a pretty typical notification to expect as a security precaution when a major change happens.
Here they're trying to get me with urgency, as if I didn't make this change (I didn't), it could be a potential security issue. And they did get me - I just didn't click the link they wanted me to and instead logged into SendGrid directly only to find nothing looked wrong.
This one almost got me and made me take a closer look. It's an email stating that a "support ICE" button will be placed inside of every email I send unless I opt out now. I thought this was so random and bold for SendGrid to do this considering the ongoing unrest around ICE - and also super unprofessional, why roll out a huge change like this when it likely doesn't make sense for 99% of customer emails?
For those that don't know, the current US Government has deployed ICE (Immigration and Customs Enforcement) to cities around the country to round up "illegals". This is a big deal as 1) it may not be legal, 2) they often get citizens instead, and 3) there are numerous reports of brazen violence.
I was about to share a screenshot to Twitter when I was like wait a minute, let me double check this. So I did and realized that this did not come from a SendGrid domain at all!
Here they're using emotion and a sense of urgency to try and get me to click the button. No I don't want an ICE ad on my emails - better act fast or it's going to be added to ALL of them!
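The check that caught this one, comparing where a message really comes from and points to against the brand it claims, can be scripted. This is an added example, not code from the original post; the trusted-domain list is an assumption and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "sendgrid"
# Assumption: domains treated as the brand's own; confirm against the vendor's documentation.
TRUSTED = {"sendgrid.com", "sendgrid.net", "twilio.com"}

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (not a lookalike prefix)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    claims = BRAND in (display + " " + msg.get("Subject", "")).lower()
    # Gather the text of every non-container part, then pull link hosts out of it.
    body = ""
    for part in msg.walk():
        if not part.is_multipart():
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    urls = re.findall(r'href=["\'](https?://[^"\']+)', body, re.I)
    hosts = {urlparse(u).hostname for u in urls}
    bad_links = sorted(h for h in hosts if h and not is_trusted(h))
    return {
        "claims_brand": claims,
        "from_domain": from_domain,
        "untrusted_links": bad_links,
        # The brand is named in the visible fields, but the sender or a link lives elsewhere.
        "suspicious": claims and (not is_trusted(from_domain) or bool(bad_links)),
    }

# Constructed sample message; every address and URL here is made up for illustration.
SAMPLE = """\
From: "SendGrid Support" <alerts@mailer.example.org>
To: me@example.com
Subject: Action required: API requests failing
Content-Type: text/html; charset="utf-8"

<p>Your API requests are failing.</p>
<a href="https://sendgrid.com.login.example.net/fix">Fix now</a>
<a href="https://app.sendgrid.com/settings">Settings</a>
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A trusted From domain on its own proves nothing, since the From header can be forged; this only automates the mismatch check, and the SPF/DKIM/DMARC results your mail provider records are what vouch for the sender.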
You can't really avoid phishing attacks - they'll land in your inbox whether you like it or not. But what we can do is avoid the impact of these attacks.
truefit [dot] com, nysar [dot] org, mooreandgiles [dot] com, theraoffice [dot] com, leasebusters [dot] com

Phishing emails have been around forever so this attack isn't exactly new. What is new is that AI is getting better and better at creating exact copies of emails and web pages so that it's much harder to notice small flaws that could lead you to suspect phishing. As AI continues to improve, we'll likely see even more advanced attacks like flawless impersonations over audio and video.
Note: If you see a scam like this, be sure to report it! Most email tools have a way to report spam / phishing so it's a good way to give data to the algorithm to start weeding those out.