What you need to know
- A Microsoft 365 Defender Threat Intelligence Team report breaks down a common gift card scam.
- The report shows that scammers are still using some of the oldest schemes to steal money.
- A specific campaign looked at by Microsoft accidentally didn't use the right organization name when claiming to send company emails.
Spam emails are a constant in the modern world. Whether it's a personal or work email address, most people are inundated with all sorts of scams and schemes. A new study from the Microsoft 365 Defender Threat Intelligence Team breaks down one of the more common schemes, business email compromise (BEC) attacks.
These types of attacks try to trick people into approving payments, transferring money, or in the case of a specific campaign looked at by Microsoft, purchasing gift cards.
These types of attacks center around tricking people who might not look at the recipient email address. A scammer will send an email pretending to be from someone's boss or someone in authority and then ask for funds in one way or another.
Frequently, scammers use typo-squatted domains, which are fake domains that look real at a glance. For example, a scammer may add a letter to a website domain, like microsofft.com.
These types of attacks are quite old, but they're presumably still in use because they're effective. Scammers wouldn't keep using the same tactics if they didn't work. The fact that Microsoft Defender for Office 365 detects and blocks these threats could also indicate that people need to be protected from them.
Microsoft's report isn't written to be comedic, but it does highlight a silly mistake made by a specific set of scammers. The campaign that Microsoft covers in its post didn't use the correct organization names when trying to trick people. It would be like if someone claimed to be your boss but said they worked for the wrong company.
