Blog

Microsoft 365 Accounts Targeted In New BEC Scam

Sep 30, 2022 | Blog

Recently, researchers at Mitiga have sounded the alarm about a new Business Email Compromise (BEC) campaign.  They discovered evidence of the campaign responding to another incident and have watched the campaign grow in scope and scale over time.

Here’s how the attack works:

The individual targeted by the campaign receives an email that appears to be from a bank and explains that the corporate account they usually send payments to has been frozen while a financial audit is underway.

In the meantime, the email explains that if the target needs to send payments, they can follow the instructions below the message.

The instructions appear to be inside a document behind a DocuSign wall, which is a contract management platform used widely in the corporate world.

To access the instructions, a potential victim needs to press the “Review Documents” button, which hands the victim off to a website controlled by the hackers.

These websites typically have names that appear to be legitimate companies the victim is familiar with, but a careful review of the URL will reveal an intentional typo, which gave rise to the term “typosquatting” to describe this very phenomenon.

On this page, the victim is asked to log into the Windows domain. If they do so, they inadvertently hand the attackers their Microsoft 365 account details which can be used later for any nefarious purpose the hacker’s desire.

On the face of it, this may not seem terribly convincing, but the hackers employ several tricks to make it seem completely legitimate.  Chief among these is the fact that the hackers hijack existing email streams and interrupt them. So to a reader who’s not paying close attention, the instructions seem to come from someone the victim is having an ongoing conversation with.

So far, the campaign has been devastatingly effective, so keep your guard up.  You don’t want to become their next victim.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech