Microsoft warns of Business Email Compromise (BEC)

Share post:

Microsoft has expressed concern over the growing sophistication and popularity of Business Email Compromise (BEC) scams, in which criminals impersonate familiar individuals to deceive victims. In their investigation spanning from April 2022 to the previous month, Microsoft discovered a staggering 35 million attempted cases of BEC.

Attackers in these schemes use BulletProftLink, which supports users with a variety of tasks, including the creation of email templates and the hosting of malicious websites referenced in phishing emails. They also use phishing-as-a-service like Evil Proxy, Naked Pages, and Caffeine
to deploy phishing campaigns and obtain compromised credentials. It was used for BEC scams like payroll, invoice, gift cards, business information, and a host of others.

Furthermore, attackers buy IP addresses from third parties in order to set up “residential IP proxies.” This allows hackers to conceal their genuine identity by making the emails look to have been sent from the same place as their victims.

Microsoft responded by emphasizing the need of enterprises having procedures to detect messages originating from third parties. Employees should also be educated to spot the warning indications of malicious emails.

The sources for this piece include an article in Axios.

SUBSCRIBE NOW

Related articles

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Hertz Data Breach Exposes Customer Information via Supply Chain Hack

Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive...

Google’s New Security Feature – Automatic Reboot

Google is introducing a new security feature in its latest Android update that will automatically reboot phones and...

Cybersecurity Firm Prodaft Buys Hacker Forum Accounts to Monitor Cybercriminal Activity

Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways