We issued a security bulletin back in October of 2023 which covered one of our customers who had their Microsoft account and emails compromised which led to a scammer to send out emails on behalf of that company and request invoices and all sorts of financial data from their customers, including banks.

As it turns out, this has now become a very big deal, even Linus and other popular YouTubers are sounding the alarms with the FBI issuing a new warning about this scam and a scam that uses the exact same tactics to appear as if someone is sending email from the FBI, itself.

How does this scam work?

This scam works by an attacker first compromising the email of a victim, usually a business owner or someone very high up in that business that other victims wouldn’t generally question.  They sit and watch how they conduct business and then will very closely mimic language and regiments of that business owner or business person.

Once they have enough information to construct a conversation that would appear to be exactly that person, they attack by sending out emails requesting money or private information (PII) which helps them collect money in fraudulent bank accounts from other victims.

What we have done

The attack on our customer only happened through Microsoft because it cannot happen on our servers.  We are using both SPF and DMARC DNS records for our email services which specifically lets other email providers know when there is something wrong – that is someone who sent out an email that did not physically come from the IP address listed in those records.   Unless the receiving provider doesn’t check these records, it is an impossibility for someone to get an email from one of our customers and not know something is amiss.

Otherwise, there isn’t much we can do further until other technologies develop.