Security News > 2021 > May > Microsoft: Business email compromise attack targeted dozens of orgs
Microsoft detected a large-scale business email compromise campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started.
BEC scammers use various tactics to compromise business email accounts, later used to redirect payments to bank accounts under their control or target employees in gift card scams.
"We observed patterns in using the correct domain name but an incorrect TLD, or slightly spelling the company name wrong. These domains were registered just days before this email campaign began," the Microsoft 365 Defender Threat Intelligence Team said.
Despite the scammers' efforts to match the spoofed domains to the right target, Microsoft "The registered domains did not always align with the organization being impersonated in the email."
"Filling these headers in made the email appear legitimate and that the attacker was simply replying to the existing email thread between the Yahoo and Outlook user," Microsoft added.
"This characteristic sets this campaign apart from most BEC campaigns, where attackers simply include a real or specially crafted fake email, adding the sender, recipient, and subject, in the new email body, making appear as though the new email was a reply to the previous email."
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)