Threat actors are exploiting legitimate SendGrid mailing service to spoof HMRC phishing emails that bypass spam filters. A security researcher known as TheAnalyst shared information with BleepingComputer. Phishing page collects sensitive details such as passport and driving license number. SendGrid has promised to fix the problem at the start of next year, but no concrete solution has been found yet. The company advised reports of any malicious emails should be made to their Consumer Trust Team so they could be investigated and actioned upon.
Source: https://www.bleepingcomputer.com/news/security/hmrc-phishing-scam-abuses-mail-service-to-bypass-spam-filters/