Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038

    Microsoft Warns of Business Email Compromise Attacks Taking Hours

    According to Microsoft’s Security Intelligence team, a recent business email compromise attack (BEC) has shown that threat actors are quickening the pace of these attacks, with certain elements only taking a few minutes.

    The rapid attack progression shows that potential victims will have significantly less time to identify any signs of fraud and take preventative measures. BEC attacks primarily use social engineering to impersonate a trusted individual to trick an employee into falling for their trap. One wrong move from a user and your organization could be in crisis mode within minutes of a successful attack. 

    Microsoft created this timeline of a recent attack that was reported. From the first sign-in to the deletion of the sent email, a total of 127 minutes had passed, reflecting a rush from the attacker’s side:

    Screen Shot 2023-03-13 at 8.25.50 AM

    Although Microsoft 365 Defender generated a warning about a BEC attack 20 minutes after the threat actor deleted the sent email and automatically disrupted the attack by disabling the user’s account, there is still barely any time for your organization to respond quickly enough.

    Javvad Malik, Security Awareness Advocate at KnowBe4, recently wrote about how BEC attacks should not be overlooked, and I couldn’t agree more. New-school security awareness training can ensure your users are prepared to report these types of attacks into their day-to-day operations. Never forget that your users are your last line of defense!

    Bleeping Computer has the full story

    Get Your CEO Fraud Prevention Manual

    CEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

    Sign Up to the TIO Intel Alerts!

    Back To Top