Microsoft warns of Business Email Compromise (BEC)

Microsoft has expressed concern over the growing sophistication and popularity of Business Email Compromise (BEC) scams, in which criminals impersonate familiar individuals to deceive victims. In their investigation spanning from April 2022 to the previous month, Microsoft discovered a staggering 35 million attempted cases of BEC.

Attackers in these schemes use BulletProftLink, which supports users with a variety of tasks, including the creation of email templates and the hosting of malicious websites referenced in phishing emails. They also use phishing-as-a-service like Evil Proxy, Naked Pages, and Caffeine
to deploy phishing campaigns and obtain compromised credentials. It was used for BEC scams like payroll, invoice, gift cards, business information, and a host of others.

Furthermore, attackers buy IP addresses from third parties in order to set up “residential IP proxies.” This allows hackers to conceal their genuine identity by making the emails look to have been sent from the same place as their victims.

Microsoft responded by emphasizing the need of enterprises having procedures to detect messages originating from third parties. Employees should also be educated to spot the warning indications of malicious emails.

The sources for this piece include an article in Axios.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web