Mitiga is working with law enforcement after uncovering a widespread business email compromise (BEC) scam that has netted more than $15 million.
A Medium post from Mitiga stated cybercriminals impersonated senior executives with Office 365 email services, used to access sensitive communications, alter wire transfers and redirect funds to rogue bank accounts.
The attacker used Office 365 because of the reduced suspicion and to avoid malicious detection systems, according to the post. Mitiga had been called in to investigate for an unnamed client and said the attack went on for several months.
The rogue domains, the post stated, were registered on Wild West Domains, which is owned by GoDaddy. And the rogue domains were imitations of legitimate businesses.
Over 150 organizations could have been impacted around the world, the post stated.
Mitiga also said in the post that it recommends safeguards for companies that could have been affected. They should enforce Office 365 password updates, add two-factor authentication to Office 365, look at forwarding rules in email accounts, set rules to prevent bulk forwarding of emails, search for hidden folders within inboxes and enable alerts for suspicious activity.
The recommendations also cover blocking legacy email protocols like POP, IMAP and SMTP1 that can circumvent multi-factor authentication, incorporating more awareness and controls for wire transactions, and subscribing to a domain management service, according to the post.
BEC scams have been surging in 2020, with a 200 percent increase in reports between April and May this year, PYMNTS reported. The scams are also going for bigger dollar amounts overall, according to data from Abnormal Security, and the number of businesses reporting the fraud increased 36 percent.
The increase came at around the time companies shifted to work-from-home environments, which scammers often took advantage of because of the confusion and friction of the massive shift.
Businesses have become big targets of fraud amid the pandemic. According to a PYMNTS report, there were 33 percent more ransomware payments made by businesses during the first quarter of 2020.