Warning: Phishing email purporting to be from Mailgun uses an invoice to trick users

Posted by Akankasha Dewan on 09 February 2021 19:55:48 AEDT

Don’t panic if you receive an email supposedly from Mailgun Technologies claiming an invoice is due. This is part of a phishing email scam designed to harvest your confidential data.

The email uses a display name of “Mailgun Support”, and its subject contains an invoice number. The email body contains details of the invoice, including the amount due, and when it was generated. A link is also provided for recipients to access the invoice. It ends with Mailgun’s logo, along with a footer containing links related to the company’s privacy policy and how to unsubscribe. The email is actually sent from a SendGrid account.

Here’s what it looks like:


Unsuspecting recipients who click on the link to pay the invoice are led to a fake login page. This page is a faithful representation of the actual Mailgun login page, and employs high-quality branding elements belonging to the tech company. Here’s what it looks like:


This is actually a phishing page that is hosted on a compromised Wordpress website. Once users “log in” and enter their credentials, the attacker harvests them for later use, and the user is met with an error saying that the credentials are invalid, as per the below:


After a couple of attempts to “log in”, users will be redirected to the actual Mailgun login page.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click on it. 

 Cybercriminals frequently exploit the branding of global companies like Mailgun in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. Many companies use Mailgun to communicate with their customers via email, or else pay marketing firms to do that on their behalf using Mailgun’s services. Receiving an email informing them that an invoice from the company is due is might be concerning among companies. They may want to take immediate action in order to minimise disruptions to email communications with their customers. Cybercriminals hope that in their urgency to rectify the issue, users don’t pause to check for the legitimacy of the email and click on the phishing link.

MailGuard has intercepted several malicious emails impersonating Mailgun earlier, including one asking users to update their account details, and another one claiming your Mailgun account is suspended.

In this particular case, cybercriminals have attempted to boost the credibility of this email scam by incorporating Mailgun’s logo & branding. The inclusion of the invoice’s “details” in the email body (like the invoice number, and when it’s due etc.) is also an attempt to convince users that the invoice is genuine.

Despite this attempt, eagle-eyed recipients would be able to identify the inauthenticity of the emails due to several red flags. These include the fact that the recipient isn’t directly addressed in the email, and that it contains several spacing and formatting issues.

Mailgun lists the following advice on its support page:

“If you’ve received spam from a Mailgun customer, please report it to abuse@mailgun.com. Send us the full email headers of the spam message so we can more quickly process your request and clean up our email stream.”

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing email scams fraud fastbreak mailgun SendGrid

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all