Between April and September, hackers made as much as $15 million by impersonating senior executives at as many as 150 companies using what appear to be legitimate Microsoft Office 365 email addresses in a bid to make their attacks more successful. The FBI, the Secret Service and Microsoft have all been informed, according to Mitiga, an Israeli cybersecurity startup that claims to have uncovered the attacks.
It’s a classic but hugely successful case of what’s known as business email compromise (BEC) fraud, where crooks impersonate a company’s partners and convince the company to send money to the crooks’ bank accounts. For instance, the hacker will set up email server domains that could be mistaken for a real business, such as forb3s.com rather than forbes.com. Mitiga said that in one case it investigated, a hacker had learned of a target’s wire transfer by somehow gaining access to an employee’s Office 365 email account. Then, just as the money was about to be sent by the unnamed victim organization, the fraudster impersonated the recipient and sent new wire instructions so that the fraudster, rather than the legitimate seller, received the money. The seller never received the money it was due.
After looking into that attack, Mitiga discovered a significant number of other, possibly linked BEC frauds that may have been perpetrated by the same group. The attackers used 15 different Office 365 accounts to register 150 additional domains, all of them registered on Wild West Domains and designed to imitate other legitimate businesses, Mitiga said.
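A mail gateway or finance team can screen sender domains for this kind of imitation before acting on changed wire instructions. The sketch below is an added example, not code from Mitiga or the article; the `TRUSTED` list and the sample sender domains are constructed for illustration.

```python
import unicodedata

# Constructed allow-list of partner domains; replace with your own.
TRUSTED = {"forbes.com", "example-supplier.com"}
# Common digit-for-letter swaps seen in lookalike names (not exhaustive).
SWAPS = str.maketrans("01345", "oleas")

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar names collide."""
    d = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    return d.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(sender_domain, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain) for a sender's domain."""
    dom = sender_domain.lower().rstrip(".")
    for t in trusted:
        # Exact match or a genuine subdomain of a trusted domain.
        if dom == t or dom.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        # Same skeleton (forb3s -> forbes) or one typo away from it.
        if edit_distance(skeleton(dom), skeleton(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":
    for s in ["forbes.com", "forb3s.com", "fobres.com", "mail.forbes.com", "example.org"]:
        print(s, classify(s))
```

A "lookalike" verdict is a reason to confirm payment changes through a separately known phone number, not proof of fraud; short domain names produce more false positives at distance 1.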
“We believe that the threat actor chose to use Office 365 in order to improve the likelihood of a successful attack, thanks to the credibility