Microsoft Sees Spike in BEC Attacks Targeting Schools
On Tuesday, Microsoft published a series of posts to Twitter warning of a visible uptick in BEC attacks targeting K-12 school teachers. This time, the operators behind the BEC attacks are impersonating teachers' colleagues with gift-card-themed emails. According to Microsoft Security Intelligence, the attackers create fake email accounts impersonating K-12 school personnel. The fake profiles are created using publicly available information, likely harvested from school websites or social media platforms. This process makes the BEC emails far more sophisticated and convincing.
The attackers often abuse free email services such as Yahoo, Gmail, Outlook, Mail.ru, Hotmail, and iCloud. Microsoft stated that so far, it has not observed any email spoofing in this campaign. The operation bears similarities to the popular phishing attack technique, in which attackers employ different lures and scenarios to imply urgency and legitimacy, with the end goal of infiltrating a device by getting the recipient to click on a malicious link.
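The traits described above (a colleague's name on a free-mail account, no spoofing, a gift-card lure) can be combined into a simple inbound-mail check; the following is an added example, not Microsoft's detection logic. The school domain, staff names, sample messages, and the mapping of each named service to one domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Primary domains assumed for the free services named in the article.
FREE_MAIL = {"yahoo.com", "gmail.com", "outlook.com", "mail.ru", "hotmail.com", "icloud.com"}
SCHOOL_DOMAIN = "example-school.test"        # constructed placeholder
STAFF = {"dana whitfield", "luis ortega"}    # constructed staff directory
GIFT_CARD = re.compile(r"\bgift\s*-?\s*cards?\b", re.I)

def normalize(name):
    """Lower-case a display name and collapse punctuation and whitespace."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def score(raw):
    """Return the list of BEC indicators present in one RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = []
    # A staff member's name arriving from outside the school's own domain.
    if normalize(display) in STAFF and domain != SCHOOL_DOMAIN:
        hits.append("staff_name_external_sender")
    if domain in FREE_MAIL:
        hits.append("free_mail_domain")
    if GIFT_CARD.search(msg.get("Subject", "") + " " + body):
        hits.append("gift_card_lure")
    return hits

def is_suspect(raw):
    """Flag only when impersonation, free-mail sender and lure all coincide."""
    return len(score(raw)) == 3

# Constructed sample messages.
SUSPECT = ("From: Dana Whitfield <d.whitfield.office@gmail.com>\n"
           "To: teacher@example-school.test\n"
           "Subject: Quick favor\n\n"
           "Are you free? I need a few gift cards for staff today.\n")
BENIGN = ("From: Dana Whitfield <dana.whitfield@example-school.test>\n"
          "To: teacher@example-school.test\n"
          "Subject: Gift card raffle winners\n\n"
          "Winners of the PTA gift card raffle are posted.\n")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, score(raw), is_suspect(raw))
```

Requiring all three indicators keeps a legitimate internal gift-card announcement, or a parent writing from a personal mailbox, from being flagged on a single signal.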