Residential IPs: The Latest Tool in BEC Scammers’ Arsenal to Trick Microsoft and Avoid Detection

Microsoft Reports BEC Scammers Use Residential IP Addresses

Microsoft has warned that cybercriminals are using residential IP addresses to stage business email compromise (BEC) attacks undetected. In this tactic, BEC scammers buy IP addresses that match the location of their victims to mask the origin of their login attempts. This lets them obscure their movements and circumvent detection flags such as “impossible travel,” which triggers when a task is performed in two locations in less time than it would take to travel from one to the other.

The use of residential IP addresses can help BEC attackers avoid detection and instigate further attacks, according to Microsoft. Scammers in Asia and an Eastern European country are frequently using this tactic, especially when using phishing-as-a-service (PhaaS) offerings to obtain login credentials. One such proxy service is BulletProofLink, which hosts phishing and BEC sites on public blockchain nodes, which can make takedown more difficult.
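The "impossible travel" rule described above, written out as an added example (it is not code from Microsoft or from the original article). It runs the check over two constructed sign-in sequences and shows that a sign-in geolocated near the victim raises no alert. The 900 km/h threshold, the field names, the coordinates and the documentation-range IP addresses are all assumptions made for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 900  # assumed threshold, roughly airliner cruising speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (previous_ip, current_ip, km) for sign-in pairs that imply an impossible speed."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        if prev:
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Simultaneous sign-ins from different places count as infinite speed.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > max_speed_kmh:
                alerts.append((prev["ip"], ev["ip"], round(km)))
        last_seen[ev["user"]] = ev
    return alerts

def signin(user, hhmm, ip, lat, lon):
    """Build one constructed sign-in record (hypothetical schema)."""
    return {"user": user, "ip": ip, "lat": lat, "lon": lon,
            "time": datetime.strptime("2023-05-22 " + hhmm, "%Y-%m-%d %H:%M")}

# Constructed data: the second sign-in geolocates to another continent.
DIRECT_LOGIN = [
    signin("alice", "09:00", "192.0.2.10", 47.61, -122.33),
    signin("alice", "09:30", "198.51.100.7", 52.23, 21.01),
]
# Constructed data: the second sign-in comes from a residential IP in the
# victim's own metro area, so the implied speed is about 34 km/h.
LOCAL_PROXY_LOGIN = [
    signin("alice", "09:00", "192.0.2.10", 47.61, -122.33),
    signin("alice", "09:30", "203.0.113.5", 47.67, -122.12),
]

if __name__ == "__main__":
    print("direct:", impossible_travel(DIRECT_LOGIN))            # one alert
    print("local proxy:", impossible_travel(LOCAL_PROXY_LOGIN))  # no alert
```

Because the second sequence passes the speed check, a geography-only rule cannot be the sole control on sign-ins, which is why the authentication measures recommended later in the article matter.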

How Does BEC Work?

BEC involves cybercriminals compromising or spoofing email addresses and sending illegitimate requests for wire transfers to employees responsible for making or authorizing payments. They request payments to be made into bank accounts they control, which is how they obtain their profits.

The number of reported BEC attacks is constantly increasing, with the FBI receiving close to 22,000 BEC complaints in 2022, which resulted in losses totaling over $2.7 billion, according to the agency’s 2022 Internet Crime Report.

Microsoft’s Advice for Businesses

Microsoft advises organizations to adopt specific email rules to block messages from outside parties, implement robust authentication methods, train employees to spot fraudulent emails, use secure email solutions, and enforce domain-based message authentication, reporting, and conformance (DMARC) policies to protect against spoofed emails.

Threat actors’ BEC attempts can take many forms, including phone calls, text messages, emails, or social media messages. Spoofing authentication request messages and impersonating individuals and companies are also common tactics. Businesses must ensure comprehensive security measures are in place at every level to counter these schemes.

Editorial and Advice

This new tactic of using residential IP addresses may be beneficial to scammers, but it highlights the urgent need for businesses to reassess their email security measures. Companies must ensure that measures are in place to prevent cybercriminals from gaining unauthorized access to their internal systems.

Considering the increasing frequency of BEC attacks, it’s crucial that businesses train their employees to recognize and prevent email attacks. Proper implementation of DMARC policies and email authentication technologies, such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), is essential.

In conclusion, businesses must remain vigilant against BEC scams and other cyber-attacks by implementing effective security measures such as regular security awareness training and multi-factor authentication. Additionally, these measures should be regularly reviewed to mitigate the risks of emerging threats.
