Microsoft warns of rise in business email compromise attacks

By Kuksung Nam, The Readable
May 22, 2023 7:25PM GMT+9

Microsoft warned of an increase in cybercriminal activities against business emails, saying that hackers are using more commoditized tactics to deploy their attacks.

In a recent report, Microsoft stated that business email compromise (BEC) is accelerating and hacking tactics are becoming more sophisticated. BEC is a type of phishing attack where cybercriminals impersonate someone else in an email and lure their target into sending sensitive information.

According to Microsoft, there were 35 million BEC attempts from April 2022 to April 2023, with 156,000 attempts happening each day on average. BEC attackers mostly targeted company executives, senior leaders, finance managers, and human resource staff who have access to employee records to get information they need.

Furthermore, the tech giant wrote that they found a 38% increase in cybercrime-as-a-service (CaaS) incidents targeting business emails from 2019 to 2022. CaaS is a term used to describe a business model where threat actors sell their tools and services to other individuals. The company discovered a significant trend among attackers who use platforms that provide services, such as creating large-scale malicious email campaigns.

nam@thereadable.co

The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.

[Weekend Briefing] Data breach exposed test scores of 270,000 high school students

By Kuksung Nam and Dain Oh, The Readable Feb. 24, 2023 8:18PM GMT+9 Updated Feb. 27, 2023 4:55PM GMT+9 “Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from

[Weekend Briefing] Outsider’s eye: Real questions to ask to protect South Koreans online

By Kuksung Nam and Dain Oh, The Readable Jan. 27, 2023 8:33PM KST “Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact

[2023 Security Outlook] 10 Keywords that will dominate threat landscape

By The Readable Jan. 20, 2023 9:00PM KST As a global news outlet which specializes in cybersecurity, The Readable has reviewed dozens of forecast reports published by diverse organizations regarding the threat landscape this year. Out of various topics that were covered in those reports, The Readable has extracted

Microsoft warns of rise in business email compromise attacks

Read next