Office 365 Business Email Compromise Attacks
The Office 365 (O365) platform has experienced tremendous growth and there is no sign of that trend slowing. More businesses than ever reside with – or plan to migrate accounts to – the expanding Microsoft Business or Enterprise services. Scammers have taken notice and have crafted simple, effective social engineering attacks that target O365 users and are sent from compromised O365 accounts.
Since the last quarter of 2017, we have blocked an abnormal quantity of Business Email Compromise attack campaigns. These are a version of man-in-the-middle attacks that exploit the trust that goes with the victim's known contacts. Western African (likely Nigerian) scam groups have improved their social engineering techniques, which ultimately lead to credential theft and financial fraud. Our SecureTide Filtering and Phenomenal Care Support teams have documented data for this attack. The information provided below details the tactical phases of ongoing Office 365 Business Email Compromise attacks and credential harvesting by these scammers.