Microsoft has issued a warning about a new email scam that Microsoft Outlook users need to be aware of. Outlined in a blog post published online, the latest Microsoft Outlook email threat is a scam surrounding gift cards. Bad actors are specifically targeting organisations with what is known as a business email compromise (BEC) attack.
As the Redmond-based tech giant explained, the scam emails are being sent to people working remotely due to the coronavirus pandemic.
The message purports to come from the target’s boss, addressed to their assistant, and is sent from an account that, at first glance, may look like it uses the organisation’s official domain name.
Some 120 fake domains were created to spread the scam; the giveaway is that these domain names contain typos. The scam message claims that the target and everyone on their team are being asked to purchase gift cards to help keep spirits high amid the Covid-19 pandemic.
The scam emails that were spotted featured vague messages such as “I need you to do a task for me” or “let me know if you’re available”.
If the target replied, they would be asked to purchase gift cards for their ‘boss’ and then send the relevant codes back.
The bad actors also did their research to make the scam look legitimate, looking through company websites, LinkedIn and social media accounts to ensure the names mentioned were correct.
While it may seem that the scam won’t net cybercriminals a huge amount of money, that couldn’t be further from the truth.
Microsoft said that in 2020 alone BEC scams swindled $1.8 billion from victims.
With this latest scam, a wide variety of sectors were targeted including professional services, agriculture and manufacturing. But the most targeted industry was ‘consumer goods’ which accounted for over a third (38 percent) of the scam messages sent out.
Thankfully, if you’re worried about your business falling victim to this scam, there is a way to stay safe. Microsoft said Defender for Office 365 can protect against attacks by identifying potential BEC threats.
In the blog post the Windows 10 makers said: “In this campaign, we found that attackers targeted organisations in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors using typo-squatted domains to make the emails appear as if they were originating from valid senders.
“BEC emails are intentionally designed to look like ordinary emails, appearing to come from someone the targeted recipient already knows, but these campaigns are more complex than they appear. They require behind-the-scenes operations, preparation, and staging.”
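The typo-squatted sender domains and vague opening lines described above can be checked for at mail triage. The following is an added example, not code from Microsoft or from this article; the domain contoso-foods.example, the sample messages, the distance threshold of 2 and the verdict labels are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (constructed for this example).
LEGIT_DOMAINS = {"contoso-foods.example"}
# Vague opening lines quoted in the article.
VAGUE_PHRASES = ("i need you to do a task for me", "let me know if you're available")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("contsoo" for "contoso") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def lookalike_of(domain: str, max_dist: int = 2):
    """Return the legitimate domain this one imitates, or None if it is genuine or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in LEGIT_DOMAINS:
        return None
    return next((d for d in LEGIT_DOMAINS if osa_distance(domain, d) <= max_dist), None)

def triage(from_header: str, body: str) -> dict:
    """Score one message: look-alike sender domain plus a vague opener (hypothetical verdicts)."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    imitated = lookalike_of(domain)
    text = body.lower().replace("\u2019", "'")  # normalise typographic apostrophes
    vague = any(p in text for p in VAGUE_PHRASES)
    verdict = "quarantine" if imitated and vague else "review" if imitated else "pass"
    return {"domain": domain.lower(), "imitates": imitated, "vague": vague, "verdict": verdict}

# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    ("Dana Boss <dana@contoso-foods.example>", "Agenda for Monday attached."),
    ("Dana Boss <dana@contoso-fods.example>", "I need you to do a task for me"),
    ("Dana Boss <dana@contsoo-foods.example>", "Quarterly numbers?"),
    ("News <news@unrelated.example>", "Let me know if you're available"),
]

if __name__ == "__main__":
    for frm, body in SAMPLES:
        print(triage(frm, body))
```

A vague opener from an unrelated domain passes here by design: the look-alike domain is the signal, and the phrase only raises the severity.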