The message purports to come from the target’s boss to their assistant, and is sent from an account that – at first glance – may look like it belongs to the organisation’s official domain name.
Some 120 fake domains were created to spread the scam; the giveaway is that these domain names contain typos. The scam message claims that the target and everyone on their team is being asked to purchase gift cards to help keep spirits high amid the Covid-19 pandemic.
Scam messages spotted featured vague messages such as “I need you to do a task for me” or “let me know if you’re available”.
The bad actors also did their research to make the scam look legitimate, combing company websites, LinkedIn and social media accounts to ensure the names mentioned were correct.
While it may seem that the scam won’t net cybercriminals a huge amount of money, that couldn’t be further from the truth.
Microsoft said that in 2020 alone BEC scams managed to swindle $1.8 billion from victims.
With this latest scam, a wide variety of sectors were targeted including professional services, agriculture and manufacturing. But the most targeted industry was ‘consumer goods’ which accounted for over a third (38 percent) of the scam messages sent out.
In the blog post the Windows 10 makers said: “In this campaign, we found that attackers targeted organisations in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors using typo-squatted domains to make the emails appear as if they were originating from valid senders.
“BEC emails are intentionally designed to look like ordinary emails, appearing to come from someone the targeted recipient already knows, but these campaigns are more complex than they appear. They require behind-the-scenes operations, preparation, and staging.”
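As an added example that is not part of the article or Microsoft’s post, the following Python illustrates the typo giveaway described above: a sender domain that sits within a couple of character edits of the organisation’s real domain, but is not identical to it, is flagged. The legitimate domain and the sender addresses are constructed.

```python
# Added example: flag sender domains that are a near-miss of the
# organisation's real domain, the "typo" giveaway the article describes.
# The domain and the sample addresses below are constructed.

LEGIT_DOMAIN = "example-corp.com"  # constructed; substitute the real domain

# Constructed sender addresses, as a mail filter would see them.
SAMPLE_SENDERS = [
    "ceo@example-corp.com",     # genuine
    "ceo@exampl-corp.com",      # letter dropped
    "ceo@example-c0rp.com",     # digit swapped for a letter
    "ceo@examplecorp.com",      # hyphen dropped
    "newsletter@vendor.net",    # unrelated domain, must not be flagged
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Domain part of an address, normalised for comparison."""
    return address.rsplit("@", 1)[-1].strip().lower()


def is_typosquat(address: str, legit: str = LEGIT_DOMAIN, max_edits: int = 2) -> bool:
    """True when the sender domain is close to, but not exactly, the real domain."""
    domain = sender_domain(address)
    if domain == legit:
        return False
    return edit_distance(domain, legit) <= max_edits


def flag_senders(addresses):
    """Addresses whose domain looks like a typo of the legitimate one."""
    return [a for a in addresses if is_typosquat(a)]


if __name__ == "__main__":
    for addr in flag_senders(SAMPLE_SENDERS):
        print("possible typo-squat:", addr)
```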
This post originally appeared on Daily Express :: Tech Feed