Microsoft may have discovered the least convincing phishing scam yet

Fraud
(Image credit: Shutterstock / Sapann Design)

Cybersecurity researchers at Microsoft have shared details about a recent business email compromise (BEC) phishing campaign that showed signs of extensive planning but silly execution.

The Microsoft 365 Defender Threat Intelligence Team discovered a BEC scam that tried to trick its recipients into purchasing gift cards.

Microsoft’s research shows that the threat actors behind the campaign meticulously planned the entire operation. However, in the end it all came to naught thanks to how the scam was conducted.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

For their campaign, the attackers registered typo-squatted domains for over 120 different organizations to impersonate actual businesses, either by using an incorrect TLD, or slightly altering the spelling of the company. 

But when they sent the actual phishing email, the registered domain from where the email came from did not always align with the organization being impersonated in the email. Imagine a Microsoft employee asking to buy gift cards for Google staff members.

Poor execution

The researchers share that this campaign targeted a variety of companies in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.

The original phishing email usually had an extremely vague request and the message body contained a few details related to the target to make the email seem legitimate.

If the recipient replied to the email, the attacker would respond with their demand for purchasing the gift card. 

In some cases, Microsoft researchers observed that the attackers jumped directly to the gift card demand, using a method of generating fake replies to add legitimacy to their email. 

In the fake replies the threat actor included what appeared to be an original message in the email body, with the subject line starting with “Re:” to give the impression that that the attacker was simply replying to the existing email thread. 

Also unlike usual phishing scams, the operators behind this one took the extra step to fake the In-Reply-To and References headers of the phishing email as well in order to add an extra air of legitimacy to the email.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Representational image of a hacker
Email scams vs Phishing - is there a difference?
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
A close up of the limited edition vinyl turntable wrist watch from AndoAndoAndo
This limited-edition timepiece turns the iconic Technics SL-1200 turntable into a watch, and I want one