Common BEC Attack Activity<\/h2>\n\n\n\n<\/div>\n\n\n\n\n\nFinancial Fraud<\/mark><\/h3>\n\n\n\nMicrosoft experts have observed that attackers create domain impersonations to trick users into thinking they are engaging with legitimate third parties for financial transactions. Attackers compromise the third party and respond through the same email thread to request money transfers. It is challenging to detect these attacks as they usually originate from genuine third-party email addresses.<\/p>\n<\/div>\n\n\n\n
\n![\"paper](\"https:\/\/cwsisecurity.com\/wp-content\/uploads\/2024\/01\/Website-landscape-images-7.png\")
<\/figure>\n<\/div>\n<\/div>\n\n\n\nLateral Movement Through Internal Phishing<\/mark><\/h3>\n\n\n\nMany threat actors launch internal phishing campaigns after compromising identities with AiTM (Identifying Adversary-in-the-Middle). It is observed by Microsoft experts that largescale internal phishing campaigns have targeted over 8,000 recipients. These emails are sent internally and from legitimate senders, which increases the likelihood that users will open them and be fooled by the fraud.<\/p>\n\n\n\n
<\/div>\n\n\n\nMass Spam Mailing Activity<\/mark><\/h3>\n\n\n\nThis attack focusses on disrupting users through a \u2019Denial-of-Service’ strategy. Attackers subscribe the victims email address to multiple lists, forums, message boards, and newsletters. The victim will then receive an overwhelming number of emails, which sometimes exceeds 1000 per minute. When this happens, the victim is often distracted, frustrated, and unable to notice legitimate warning or authentication messages in their flooded inbox.<\/p>\n\n\n\n
<\/div>\n\n\n\nHow BEC is Evolving<\/h2>\n\n\n\n
BEC attacks are evolving, along with the skills of the threat actors. Since cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of Cloud based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.<\/p>\n\n\n\n
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.<\/p>\n\n\n\n
<\/div>\n\n\n\nOther Types of BEC Attacks<\/mark><\/h3>\n\n\n\n<\/div>\n\n\n\nDirect Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n<\/div>\n\n\n\nVendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n<\/div>\n\n\n\nFalse Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n<\/div>\n\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n<\/div>\n\n\n\nMicrosoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\nBusiness Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\nContent originated from the Microsoft Digital Defence Report <\/p>\n\n\n
Financial Fraud<\/mark><\/h3>\n\n\n\nMicrosoft experts have observed that attackers create domain impersonations to trick users into thinking they are engaging with legitimate third parties for financial transactions. Attackers compromise the third party and respond through the same email thread to request money transfers. It is challenging to detect these attacks as they usually originate from genuine third-party email addresses.<\/p>\n<\/div>\n\n\n\n
\n<\/figure>\n<\/div>\n<\/div>\n\n\n\nLateral Movement Through Internal Phishing<\/mark><\/h3>\n\n\n\nMany threat actors launch internal phishing campaigns after compromising identities with AiTM (Identifying Adversary-in-the-Middle). It is observed by Microsoft experts that largescale internal phishing campaigns have targeted over 8,000 recipients. These emails are sent internally and from legitimate senders, which increases the likelihood that users will open them and be fooled by the fraud.<\/p>\n\n\n\n
<\/div>\n\n\n\nMass Spam Mailing Activity<\/mark><\/h3>\n\n\n\nThis attack focusses on disrupting users through a \u2019Denial-of-Service’ strategy. Attackers subscribe the victims email address to multiple lists, forums, message boards, and newsletters. The victim will then receive an overwhelming number of emails, which sometimes exceeds 1000 per minute. When this happens, the victim is often distracted, frustrated, and unable to notice legitimate warning or authentication messages in their flooded inbox.<\/p>\n\n\n\n
<\/div>\n\n\n\nHow BEC is Evolving<\/h2>\n\n\n\n
BEC attacks are evolving, along with the skills of the threat actors. Since cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of Cloud based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.<\/p>\n\n\n\n
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.<\/p>\n\n\n\n
<\/div>\n\n\n\nOther Types of BEC Attacks<\/mark><\/h3>\n\n\n\n<\/div>\n\n\n\nDirect Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n<\/div>\n\n\n\nVendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n<\/div>\n\n\n\nFalse Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n<\/div>\n\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n<\/div>\n\n\n\nMicrosoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\nBusiness Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\nContent originated from the Microsoft Digital Defence Report <\/p>\n\n\n
<\/figure>\n<\/div>\n<\/div>\n\n\n\nLateral Movement Through Internal Phishing<\/mark><\/h3>\n\n\n\nMany threat actors launch internal phishing campaigns after compromising identities with AiTM (Identifying Adversary-in-the-Middle). It is observed by Microsoft experts that largescale internal phishing campaigns have targeted over 8,000 recipients. These emails are sent internally and from legitimate senders, which increases the likelihood that users will open them and be fooled by the fraud.<\/p>\n\n\n\n
<\/div>\n\n\n\nMass Spam Mailing Activity<\/mark><\/h3>\n\n\n\nThis attack focusses on disrupting users through a \u2019Denial-of-Service’ strategy. Attackers subscribe the victims email address to multiple lists, forums, message boards, and newsletters. The victim will then receive an overwhelming number of emails, which sometimes exceeds 1000 per minute. When this happens, the victim is often distracted, frustrated, and unable to notice legitimate warning or authentication messages in their flooded inbox.<\/p>\n\n\n\n
<\/div>\n\n\n\nHow BEC is Evolving<\/h2>\n\n\n\n
BEC attacks are evolving, along with the skills of the threat actors. Since cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of Cloud based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.<\/p>\n\n\n\n
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.<\/p>\n\n\n\n
<\/div>\n\n\n\nOther Types of BEC Attacks<\/mark><\/h3>\n\n\n\n<\/div>\n\n\n\nDirect Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n<\/div>\n\n\n\nVendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n<\/div>\n\n\n\nFalse Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n<\/div>\n\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n<\/div>\n\n\n\nMicrosoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\nBusiness Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\nContent originated from the Microsoft Digital Defence Report <\/p>\n\n\n
Mass Spam Mailing Activity<\/mark><\/h3>\n\n\n\nThis attack focusses on disrupting users through a \u2019Denial-of-Service’ strategy. Attackers subscribe the victims email address to multiple lists, forums, message boards, and newsletters. The victim will then receive an overwhelming number of emails, which sometimes exceeds 1000 per minute. When this happens, the victim is often distracted, frustrated, and unable to notice legitimate warning or authentication messages in their flooded inbox.<\/p>\n\n\n\n
<\/div>\n\n\n\nHow BEC is Evolving<\/h2>\n\n\n\n
BEC attacks are evolving, along with the skills of the threat actors. Since cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of Cloud based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.<\/p>\n\n\n\n
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.<\/p>\n\n\n\n
<\/div>\n\n\n\nOther Types of BEC Attacks<\/mark><\/h3>\n\n\n\n<\/div>\n\n\n\nDirect Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n<\/div>\n\n\n\nVendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n<\/div>\n\n\n\nFalse Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n<\/div>\n\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n<\/div>\n\n\n\nMicrosoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\nBusiness Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\nContent originated from the Microsoft Digital Defence Report <\/p>\n\n\n
How BEC is Evolving<\/h2>\n\n\n\n
BEC attacks are evolving, along with the skills of the threat actors. Since cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of Cloud based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.<\/p>\n\n\n\n
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.<\/p>\n\n\n\n
Other Types of BEC Attacks<\/mark><\/h3>\n\n\n\n<\/div>\n\n\n\nDirect Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n<\/div>\n\n\n\nVendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n<\/div>\n\n\n\nFalse Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n<\/div>\n\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n<\/div>\n\n\n\nMicrosoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\nBusiness Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\nContent originated from the Microsoft Digital Defence Report <\/p>\n\n\n
Direct Email Compromise (DEC)<\/mark> – <\/strong>Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker\u2019s bank account or change payment information for an existing account.<\/p>\n\n\n\n Vendor Email Compromise (VEC)<\/mark> – <\/strong>Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.<\/p>\n\n\n\n False Invoice Scam<\/mark> – <\/strong>A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.<\/p>\n\n\n\n Microsoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high confidence eXtended<\/a> Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact to organisations.<\/p>\n\n\n\n Business Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at info@cwsi.co.uk<\/a> to discuss options and find out how we can support you to leave cyberthreats in the past.<\/p>\n\n\n\n Content originated from the Microsoft Digital Defence Report <\/p>\n\n\nStop BEC Attacks with XDR<\/h2>\n\n\n\n