Microsoft warns of Business Email Compromise (BEC)

Share post:

Microsoft has expressed concern over the growing sophistication and popularity of Business Email Compromise (BEC) scams, in which criminals impersonate familiar individuals to deceive victims. In their investigation spanning from April 2022 to the previous month, Microsoft discovered a staggering 35 million attempted cases of BEC.

Attackers in these schemes use BulletProftLink, which supports users with a variety of tasks, including the creation of email templates and the hosting of malicious websites referenced in phishing emails. They also use phishing-as-a-service like Evil Proxy, Naked Pages, and Caffeine
to deploy phishing campaigns and obtain compromised credentials. It was used for BEC scams like payroll, invoice, gift cards, business information, and a host of others.

Furthermore, attackers buy IP addresses from third parties in order to set up “residential IP proxies.” This allows hackers to conceal their genuine identity by making the emails look to have been sent from the same place as their victims.

Microsoft responded by emphasizing the need of enterprises having procedures to detect messages originating from third parties. Employees should also be educated to spot the warning indications of malicious emails.

The sources for this piece include an article in Axios.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways