Threat actors are extremely ingenious when it comes to gaining access to users’ devices. They use various techniques to hack the data of users and these cases have seen a significant increase especially during the pandemic when more people have started working online.

Recently, Microsoft revealed a huge-scale business email compromise (BEC) campaign that has targeted more than 120 organizations with the help of typo-squatted domains (URL hijacking). These domains were registered a few days before the attacks began.

Social engineering, phishing, or CEO fraud are just a few tactics that BEC scammers use to compromise business email accounts, which are then employed to redirect payments to bank accounts under their control or attack employees with the gift card scam.

Microsoft’s 365 Defender Threat Intelligence Team used typo-squatted domains such as microsoft.xyz or micrrosoft.com to send emails posing as employee managers who work at companies in several industry sectors, including real estate, discrete manufacturing, and professional services.

Microsoft BEC campaign heimdal security

Breakdown of email volume sent to the top targeted industries in the BEC campaign

Image Source: Microsoft

Microsoft said that the registered domains did not always associate with the organization being imitated in the email. While their method was imperfect at times, the attackers’ investigation skills are obvious since they tackled the targeted employees’ using their first names.

Threat actors also used standard phishing techniques like fake replies (enhanced by faking the In-Reply-To and References headers as well) to add legitimacy to phishing emails.

Phishing BEC email heimdal security

Fraudulent BEC Phishing Email

Image Source: Microsoft

According to Microsoft researchers,

Filling these headers in made the email appear legitimate and that the attacker was simply replying to the existing email thread between the Yahoo and Outlook user. This characteristic sets this campaign apart from most BEC campaigns, where attackers simply include a real or specially crafted fake email, adding the sender, recipient, and subject, in the new email body, making appear as though the new email was a reply to the previous email.


Although these methods don’t seem very sophisticated, according to the FBI’s 2020 Internet Crime Report, BEC attacks make a huge financial loss every year. A total of $1.8 billion in victim losses in 2020 was caused because of these BEC attacks. Additionally, the Bureau has given warnings to the corporate sector of the US that these attacks are consistently increasing.

IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020.


When it comes to maintaining the security, integrity, and accessibility of the data and systems of every organization, good patch management is a crucial aspect and the process should be as thorough as possible. The more you keep up with your patching and update all your critical (and non-critical) systems, the less likely it is that your company will be compromised.

To help thwart the wave of rising business email compromise incidents, our Heimdal™ Email Fraud Prevention module is specifically designed to prevent BEC attacks. The new security layer is powered by 125 different vectors so that no suspicious email can pass its analysis. it can pick up on the slightest alterations, such as a changed IBAN code in an otherwise legitimate string of emails. Heimdal™ Email Security is available as a standalone product, regardless of whether you opt for our anti-virus (Heimdal™ Next-Gen Antivirus & MDM) or malware prevention solution (Heimdal™ Threat Prevention).

This way, you can focus on what really drives your business without needing to worry about BEC attacks.

Business Email Security Contributes to Business Stability

CEO Fraud Emails – Not Every Money Transfer Request You Receive Is Legit

Leave a Reply

Your email address will not be published. Required fields are marked *