- BEC actors are sending emails via typo-squatted domains to employees working remotely.
- The messages request the employee to purchase gift cards for the whole remote team.
- The actors are first doing some reconnaissance on social media profiles and the target’s website.
BEC (Business Email Compromise) campaigns have never stopped being a threat costing organizations around the globe millions of dollars. Still, Microsoft is now warning about a new campaign involving gift card scams, one that could dangerously increase the crooks' rate of success. As Microsoft's report details, the actors are targeting remote-working victims via emails that supposedly come from their boss. The message asks the recipient to purchase gift cards for everyone in the team, supposedly to keep them happy during the pandemic. Sounds legit, right?
The scammers do proper reconnaissance first, scrutinizing social media profiles, the official company website, LinkedIn, etc. This way, they learn the names of the bosses, managers, heads of departments, executives, and anyone else who could realistically send an instruction to purchase gift cards as a morale booster.
According to Microsoft’s report, the sector most targeted by this particular campaign is “Consumer goods,” which accounts for a 38% share of the targets. The reason could be that most companies in this field are now working remotely.
The messages of this particular campaign alone were delivered through 120 typo-squatted domains, so an equal number of organizations were impersonated. To avoid blacklisting problems, the actors registered the domains right before sending out the emails. The scammers didn’t bother paying for registrant name masking (WHOIS privacy), as they used auto-generated random names for the registration anyway.
Microsoft points out that defending against the BEC menace is not a simple effort, but the firm has several mechanisms in place to tackle the problem. First, its artificial intelligence tools process trillions of signals each day, raising flags for further investigation by human threat researchers. These signals concern actor fingerprints, infrastructure, and even phishing and BEC techniques that feature certain identifiable patterns.
Then, Microsoft’s DCU team works in parallel to take down infrastructure linked with campaigns of this kind. We have seen this happen many times in the recent past, with notable examples including the “Thallium” group of hackers, the “Necurs” botnet, and the “Trickbot” botnet.
As for what organizations can do to protect themselves and their workforce against BEC actors, Microsoft suggests the following:
- Use an email security solution.
- Conduct email security training.
- Implement multi-factor authentication.
- Review your protection against domain spoofing.
- Implement authentication safeguards for financial transactions.
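The typo-squatted sender domains described above, and the advice to review domain-spoofing protection, both come down to one mail-gateway check: does the sender's domain look like ours without being ours, and does the message carry the gift-card wording? The following is an added example of such a check, not code from Microsoft or the article; the organisation domain, executive names and sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed organisation domain and executive names (assumptions for this example)
ORG_DOMAIN = "example-corp.com"
EXEC_NAMES = {"alice nguyen", "bob carter"}
GIFT_CARD_RE = re.compile(r"\bgift\s*cards?\b|\be-?gift\b|\bitunes\b|\bgoogle play\b", re.I)
# Common typo-squat substitutions: fold them so "rn"/"m" and "0"/"o" compare equal
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("cl", "d")]

def normalise(domain):
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    # Classic Levenshtein dynamic programme; domains are short, so O(len(a)*len(b)) is fine
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, org=ORG_DOMAIN):
    # The genuine domain is never a lookalike; anything within two edits after folding is
    if domain.lower() == org.lower():
        return False
    return edit_distance(normalise(domain), normalise(org)) <= 2

def flag_message(msg):
    """Return the reasons a message matches the gift-card BEC pattern (empty list = clean)."""
    name, addr = parseaddr(msg["from"])
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    reasons = []
    if is_lookalike(domain):
        reasons.append("sender domain is a lookalike of " + ORG_DOMAIN)
    if name.strip().lower() in EXEC_NAMES and domain.lower() != ORG_DOMAIN.lower():
        reasons.append("executive display name on external domain")
    if GIFT_CARD_RE.search(msg["subject"] + " " + msg["body"]):
        reasons.append("gift card request wording")
    return reasons

# Constructed sample messages: the first mimics the campaign, the second is routine mail
SAMPLES = [
    {"from": "Alice Nguyen <alice@exarnple-corp.com>", "subject": "Quick favour",
     "body": "Can you buy gift cards for the whole remote team today? Keep it quiet."},
    {"from": "Bob Carter <bob@example-corp.com>", "subject": "Q3 numbers", "body": "Attached."},
]
```

A message that trips all three checks is a strong candidate for quarantine and a call-back to the named executive over a known-good channel; a single hit is better treated as a warning banner than a block.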