Seeing both sides of a service abuse financial fraud using YOPmail disposable messages
Blog post from Sublime Security
Sublime's Attack Spotlight series aims to educate readers about the email threat landscape by presenting real-life attack examples, adversary tactics, and detection methods, and emphasizes that such threats can be prevented with a free Sublime account.

A recent installment focuses on a callback phishing attack using Google Workspace, in which a distribution list relays fraudulent invoices carrying a "helpline number" intended to lure targets into further interaction. The novelty of this attack lies in its YOPmail reply-to address: YOPmail is a disposable email service whose inboxes are publicly accessible without a password. The attacker exploited a free Adobe Creative Cloud trial to send signing requests via a configured distribution list, demonstrating how easily multiple free services can be abused to accelerate attack campaigns.

Sublime's AI-powered detection engine identified key signals of this attack, such as messages from unknown domains and suspicious document notifications, effectively preventing it. Users are encouraged to create a free Sublime account for comprehensive protection against such threats.
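The traits described above (a reply-to address at a disposable mail service and a "helpline number" in the body) can be checked during triage. The Python below is an added example, not Sublime's detection rules or code from the original post; the signal names, phone pattern, domain list (only yopmail.com comes from the post) and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a local list of disposable-mail domains; only yopmail.com is from the post.
DISPOSABLE_DOMAINS = {"yopmail.com"}
# Loose North American phone pattern standing in for "helpline number" text.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")

# Constructed sample messages (not taken from the campaign).
SUSPECT = """\
From: Document Signing <notifications@esign.example>
Reply-To: billing-desk@yopmail.com
To: staff-list@groups.example
Subject: Invoice ready for signature

Your invoice is attached. Questions? Call our helpline at +1 (555) 010-0199.
"""
BENIGN = """\
From: Alice <alice@corp.example>
To: bob@corp.example
Subject: Lunch

See you at noon.
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate all non-multipart string payloads of the message."""
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    return "\n".join(p for p in parts if isinstance(p, str))

def triage(raw):
    """Return the list of triage signals that fire for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_mismatch")
    if any(reply_dom == d or reply_dom.endswith("." + d) for d in DISPOSABLE_DOMAINS):
        findings.append("reply_to_disposable")
    if PHONE_RE.search(body_text(msg)):
        findings.append("callback_number_in_body")
    return findings
```

Each signal is weak on its own; the combination of all three on a document-notification message is what merits analyst attention.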