Huge Business Email Compromise Campaign Targets More Than 120 Organizations



According to Bleeping Computer, Microsoft reported that a large business email compromise (BEC) campaign has targeted dozens of organizations. The industries targeted varied from real estate to professional services.

BEC attacks are a type of CEO Fraud in which scam artists use social engineering tactics to trick victims into compromising their business email accounts, which then fall under the scammers' control. The Microsoft 365 Defender Threat Intelligence Team said in a statement, "We observed patterns in using the correct domain name but an incorrect TLD, or slightly spelling the company name wrong. These domains were registered just days before this email campaign began."
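The two patterns in Microsoft's statement (correct name with a different TLD, and a slightly misspelled name) can be checked on inbound sender addresses. The sketch below is an added example, not code from Microsoft or from this blog; the protected domain, the sample senders, and the two-edit threshold are constructed assumptions.

```python
# Added example: classify a sender's domain against a domain you protect.
# Simplification: only the last two labels are compared, so multi-part
# suffixes such as "co.uk" are not handled.

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance; an adjacent swap counts as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def name_and_tld(domain: str) -> tuple:
    """Return (second-level label, TLD); subdomain labels are ignored."""
    labels = domain.lower().strip().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else "", labels[-1])


def classify_sender(sender: str, protected: str, max_edits: int = 2) -> str:
    """Return 'legitimate', 'wrong_tld', 'misspelled' or 'unrelated'."""
    name, tld = name_and_tld(sender.rsplit("@", 1)[-1])
    p_name, p_tld = name_and_tld(protected)
    if (name, tld) == (p_name, p_tld):
        return "legitimate"
    if name == p_name:
        return "wrong_tld"      # correct name, incorrect TLD
    # Short names need a lower max_edits to avoid false positives.
    if edit_distance(name, p_name) <= max_edits:
        return "misspelled"     # company name slightly misspelled
    return "unrelated"


if __name__ == "__main__":
    PROTECTED = "northwind-example.com"          # constructed domain
    for sender in ("alice@northwind-example.com",  # constructed senders
                   "alice@northwind-example.net",
                   "alice@northwnid-example.com",
                   "bob@partner-example.org"):
        print(f"{sender:32} {classify_sender(sender, PROTECTED)}")
```

A hit of `wrong_tld` or `misspelled` is a reason to hold the message for review, since the statement also notes that such domains were registered only days before the campaign.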

Microsoft noted that these cybercriminals used fake replies to make the email seem more legitimate. Below is an example of one of these types of emails reported: 

[Screenshot: example of a fake-reply email from this campaign]

Source: Microsoft

The cybercriminals are getting more sophisticated by making the email appear to be a reply to a previous message. With the recipient, sender, and subject shown in the email body, this email could fool anyone who is not aware of this type of attack.

When we reported on the FBI IC3 2020 Crime Report, we noted that BEC scams accounted for the most money lost. This trend will continue in future years unless measures are taken. New-school security awareness training can teach your users the common red flags to spot when they receive a suspicious email.

Bleeping Computer has the full story


Discover dangerous look-alike domains that could be used against you! 

Since look-alike domains are a dangerous vector for phishing attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

Here's how it's done:

  • Get detailed results of look-alike domains found similar to your primary email domain
  • You can now quiz your users with your look-alike results
  • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
  • It only takes a few minutes to discover your “evil domain twins”!

Find Your Look-Alike Domains!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-doppelganger
