Business email compromise (BEC) attackers use various techniques to impersonate legitimate senders and trick recipients into transferring money or disclosing sensitive information. According to the FBI, BEC attacks resulted in more than $2.7 billion in losses in 2022.

In this blog post, we will summarize the main findings of a recent report by Microsoft Security Insider, titled “Shifting tactics fuel surge in business email compromise”. The report analyses the latest trends and developments in BEC attacks, based on Microsoft’s threat data and research. The report also provides guidance on how to prevent and respond to BEC attacks.

Three key highlights:

  • BEC attackers are increasingly using residential IP addresses to evade detection and make their activity appear locally generated. This tactic allows them to bypass “impossible travel” alerts, which flag suspicious account activity based on physical location. Microsoft has observed a 38% increase in Cybercrime-as-a-Service (CaaS) targeting business email between 2019 and 2022, with threat actors in Asia and Eastern Europe being the most active.

Figure: Business Email Compromise Phishing Mail by Type. Data represents a snapshot of BEC phishing by type, January 2023 through April 2023. Source: Microsoft

  • BEC attackers are leveraging platforms like BulletProftLink, a popular CaaS that offers an end-to-end service for creating and launching malicious email campaigns. BulletProftLink provides templates, hosting, and automated services for BEC attackers, as well as credentials and IP addresses of the victims.

  • BEC attackers are using various social engineering techniques to manipulate their targets, such as spoofing domains, impersonating executives or vendors, creating fake invoices or contracts, exploiting urgent or confidential situations, and requesting changes in payment details or methods.
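
The “impossible travel” check from the first highlight, sketched as an added example (not code from the Microsoft report or any Microsoft product). The speed threshold, distance floor, field names and sample sign-ins are assumptions constructed for illustration; the second sample user shows why a sign-in from a residential IP near the victim raises no alert.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed threshold: about airliner cruising speed
MIN_KM = 100.0   # assumed floor: ignore small moves and IP-geolocation error

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user whose implied travel speed exceeds max_kmh."""
    alerts, last_seen = [], {}
    for ev in sorted(signins, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue  # same metro area: location alone cannot tell these apart
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        kmh = km / hours if hours > 0 else math.inf  # simultaneous sign-ins far apart
        if kmh > max_kmh:
            alerts.append({"user": ev["user"], "from_ip": prev["ip"],
                           "to_ip": ev["ip"], "km": round(km), "kmh": kmh})
    return alerts

def t(hhmm):
    """Build a timestamp on one constructed sample day."""
    return datetime.strptime("2023-04-03 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample sign-ins (documentation IP ranges, approximate city coordinates).
SAMPLE_SIGNINS = [
    {"user": "alice", "time": t("09:00"), "ip": "192.0.2.10", "lat": 51.5074, "lon": -0.1278},
    # Distant IP 30 minutes later: implied speed is far beyond any flight.
    {"user": "alice", "time": t("09:30"), "ip": "198.51.100.7", "lat": 1.3521, "lon": 103.8198},
    {"user": "bob", "time": t("09:00"), "ip": "192.0.2.20", "lat": 53.4808, "lon": -2.2426},
    # Residential IP geolocated about 10 km from bob's usual location: no alert is raised.
    {"user": "bob", "time": t("09:30"), "ip": "203.0.113.55", "lat": 53.4100, "lon": -2.1600},
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_SIGNINS):
        print(alert)
```

Only the first user's pair is flagged; the second passes a location-only check, so it has to be caught by controls that do not depend on geography, such as the MFA and conditional access policies listed under the defence strategies.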

Defence strategies:

  • Educating employees on how to spot and report phishing emails and BEC attempts.
  • Implementing multi-factor authentication (MFA) and conditional access policies for email accounts and cloud services.
  • Using email security solutions that can detect and block malicious emails and domains.
  • Reviewing payment processes and procedures regularly and verifying any changes with trusted sources.
  • Reporting any suspected or confirmed BEC incidents to law enforcement agencies.

BEC attacks are a serious threat to organizations and individuals who rely on email for financial transactions. By understanding the tactics and techniques of BEC attackers, and by following the best practices for email security, we can reduce the risk and impact of these attacks.