Attackers are weaponizing Amazon Simple Email Service (SES) using compromised AWS IAM keys to launch highly convincing phishing and Business Email Compromise (BEC) campaigns. Because the emails originate from legitimate Amazon infrastructure, they successfully pass standard authentication protocols like SPF, DKIM, and DMARC, making detection difficult without disrupting legitimate business workflows.