Business Email Compromise (BEC) attacks are constantly on the rise. In 2022, the FBI reported receiving close to 22,000 complaints, with a loss of over $2.7 billion due to such attacks.
Usually, these attacks are launched via spoofed email addresses that ask recipients to make wire transfers against an invoice or to buy gift cards. However, a new tactic adopted by BEC scammers has come to light.
The new tactic
According to findings by Microsoft, the latest tactic involves scammers purchasing IP addresses from residential IP services.
The purchased IP addresses match the victim's location, allowing scammers to mask the true origin of their login attempts.
It provides cybercriminals an opportunity to access the victim’s account and gather other credentials.
The tactic has frequently been used to target users in Asia and Eastern Europe.
Another notable attack pattern
Microsoft also noticed a pattern in which attackers used a phishing-as-a-service platform, BulletProftLink, to obtain login credentials.
This platform is widely used for creating large-scale malicious email campaigns and offers a comprehensive service that includes templates, hosting, and automated features designed for BEC.
Moreover, adversaries employing this service are provided with IP addresses to launch a successful BEC attack.
Top targets
Top targets for BEC attacks were executives and other senior leaders, finance managers, and human resources staff with access to employee records such as Social Security numbers, tax statements, and other PII.
Top trends for targeted BEC include lure, payroll, invoice, gift card, and business information.
Recommendation
Enterprises can enable notifications and configure mail systems to flag messages sent from external parties. MFA-enabled email accounts are more resistant to the risk of credential theft and brute-force login attempts. Last but not least, employees must be trained to spot early signs of BEC attacks.
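The external-sender flagging recommended above, together with a check for the spoofed-address pattern described at the top of the article, can be sketched in a mail-gateway filter. The following is an added example written for this page, not code from Microsoft or the FBI; the internal domain, the header names and the sample messages are constructed placeholders, and a real deployment would read the organisation's accepted domains and the gateway's own authentication verdicts instead.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed placeholder: replace with the organisation's own accepted domains.
INTERNAL_DOMAINS = {"example-corp.test"}
EXTERNAL_TAG = "[EXTERNAL] "


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def classify(raw_message: str) -> list:
    """Return the reasons a message should be flagged; an empty list means nothing noteworthy."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    reasons = []

    # Anything not from one of our own domains gets the external flag.
    if from_domain not in INTERNAL_DOMAINS:
        reasons.append("sender domain is external")

    # A Reply-To pointing somewhere other than the From domain is a common invoice-fraud sign.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if _domain(reply_addr) != from_domain:
            reasons.append("reply-to domain differs from sender domain")
            break

    # A display name that looks like an internal address on an external sender is spoofing.
    if _domain(display_name) in INTERNAL_DOMAINS and from_domain not in INTERNAL_DOMAINS:
        reasons.append("display name impersonates an internal address")

    # Trust the receiving server's DMARC verdict when it recorded one.
    auth = msg.get("Authentication-Results", "").lower()
    if "dmarc=fail" in auth:
        reasons.append("DMARC failed")

    return reasons


def tag_external(raw_message: str) -> str:
    """Prepend the external tag to the Subject when the sender is not one of ours (idempotent)."""
    msg = message_from_string(raw_message)
    if _domain(parseaddr(msg.get("From", ""))[1]) in INTERNAL_DOMAINS:
        return raw_message
    subject = msg.get("Subject", "")
    if not subject.startswith(EXTERNAL_TAG):
        del msg["Subject"]
        msg["Subject"] = EXTERNAL_TAG + subject
    return msg.as_string()


# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = """\
From: "finance@example-corp.test" <invoice-desk@mail-relay.test>
Reply-To: payments@another-host.test
To: accounts@example-corp.test
Subject: Urgent wire transfer for overdue invoice
Authentication-Results: mx.example-corp.test; dmarc=fail header.from=mail-relay.test

Please process the attached invoice today.
"""

SAMPLE_INTERNAL = """\
From: Jane Doe <jane.doe@example-corp.test>
To: accounts@example-corp.test
Subject: Team lunch

See you at noon.
"""

if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("internal", SAMPLE_INTERNAL)):
        print(label, "->", classify(sample) or ["no findings"])
    print(tag_external(SAMPLE_SPOOF).splitlines()[0:5])
```

The display-name check is deliberately narrow: it only fires when the name itself contains an internal address, which is the cheap spoof the filter can decide on without a directory lookup. Matching names of real executives against an HR directory, and treating a residential-proxy login as a signal, need data the gateway does not hold and belong in the identity and SIEM layers instead.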