Quick Hits

BEC Scammers Find New Ways to Navigate Microsoft 365

Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.

Business email compromise (BEC) scammers targeted victims' out-of-office replies and read receipts during the 2020 holiday season, when many took time off work and automatic replies were more prevalent, researchers report.


Attackers abused victims' own Microsoft 365 out-of-office messages, Abnormal Security noticed. A scammer writes an extortion email and manipulates its "Reply-To" header so that it points at a second employee in the same organization rather than at the attacker. If the first target has an out-of-office reply turned on, the automatic reply is sent to that Reply-To address, so the second target receives it instead of the attacker, researchers report. 

"Even though the original extortion email was auto-remediated, the manipulated email header triggered an Out of Office reply to a second target that includes the text of the extortion," they write in a blog post. 

Similarly, in a "read receipts" attack, the scammer writes an extortion email and sets the "Disposition-Notification-To" header to the target's own address, so Microsoft 365 sends the read-receipt notification to the target instead of to the attacker. That notification, triggered by the manipulated header, includes the text of the extortion. 
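Both variants rely on the same idea: a header the mail system trusts when choosing where to send an automatic reply is attacker-controlled, so the auto-reply (out-of-office or read receipt) carries the extortion text to a mailbox the original message never reached. The following is an added example, not code from Abnormal Security or from this article, that parses a constructed message and flags the two header patterns described above: an external sender whose Reply-To lands inside the organization, and a Disposition-Notification-To that points inside the organization or does not match the sender. The message text, the domains corp.example and attacker.example, and the rule names are all assumptions made for the demonstration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not a real message): an external sender writes to alice,
# but points both the Reply-To and the read-receipt request back inside corp.example.
SAMPLE_MESSAGE = """\
From: "Accounts" <billing@attacker.example>
To: alice@corp.example
Reply-To: bob@corp.example
Disposition-Notification-To: alice@corp.example
Subject: Final notice
Message-ID: <constructed-1@attacker.example>

Pay now or the documents will be published.
"""

# Constructed benign message: Reply-To and receipt request both go to the sender.
CLEAN_MESSAGE = """\
From: "Vendor" <sales@vendor.example>
To: alice@corp.example
Reply-To: sales@vendor.example
Disposition-Notification-To: sales@vendor.example
Subject: Quote

Attached is the quote you asked for.
"""


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _addresses(raw, header):
    """All addresses in a header, lower-cased, empty list if absent."""
    msg = message_from_string(raw)
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, []))]


def auto_reply_targets(raw):
    """Where an auto-responder that honours Reply-To (the behaviour described
    for Microsoft 365 out-of-office replies) would send its reply."""
    return _addresses(raw, "Reply-To") or _addresses(raw, "From")


def read_receipt_targets(raw):
    """Where a read receipt (MDN) would be sent, if the client issues one."""
    return _addresses(raw, "Disposition-Notification-To")


def find_bounce_back_abuse(raw, org_domain):
    """Return (rule, address) findings for the two header-redirection patterns.

    Rules (names are assumptions for this example):
      reply-to-internal : external sender, Reply-To inside org_domain
      mdn-to-internal   : external sender, receipt request inside org_domain
      mdn-mismatch      : receipt request address is not the From address
    """
    org_domain = org_domain.lower()
    senders = _addresses(raw, "From")
    external_sender = bool(senders) and all(_domain(s) != org_domain for s in senders)
    findings = []
    if external_sender:
        for addr in auto_reply_targets(raw):
            if _domain(addr) == org_domain:
                findings.append(("reply-to-internal", addr))
        for addr in read_receipt_targets(raw):
            if _domain(addr) == org_domain:
                findings.append(("mdn-to-internal", addr))
    for addr in read_receipt_targets(raw):
        if addr not in senders:
            findings.append(("mdn-mismatch", addr))
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, find_bounce_back_abuse(raw, "corp.example"))
```

The check is deliberately conservative: a Reply-To or receipt address inside your own domain on mail from an outside sender is unusual enough to quarantine or at least to suppress the automatic reply for, and it catches the attack even when the original message is itself filtered, which is the case the researchers describe.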

Read more details in Abnormal Security's blog post.
