Increased Business Email Compromise (BEC) Activity - 20231012002

Overview

What has been observed?

The WA SOC has observed an increase of activity relating to Business Email Compromise (BEC) attacks.

What is the threat?

Business email compromise (BEC) is a form of targeted phishing, or spear phishing. Criminals target organisations and try to scam them out of money or goods. They also target employees and try and trick them into revealing important business information.

Criminals use emails to pretend to be business representatives. They also use the compromised email accounts of employees.

Recommendation

The WA SOC recommends administrators enable "Automatic Attack Disruption" settings within their environments as per Microsoft Documentationwhere possible:

• https://learn.microsoft.com/en-us/microsoft-365/security/defender/configure-attack-disruption?view=o365-worldwide

Additional References

• ASD Threat Article: "Business Email Compromise" https://www.cyber.gov.au/threats/types-threats/business-email-compromise
• Blog Post: "How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)" https://jeffreyappel.nl/how-to-use-automatic-attack-disruption-in-microsoft-365-defender-bec-aitm-humor/