Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started.
BEC scammers use various tactics (including social engineering, phishing, or hacking) to compromise business email accounts, later used to redirect payments to bank accounts under their control or target employees in gift card scams.
Microsoft used the typo-squatted domains to send emails impersonating managers of employees working at companies from various industry sectors, including real estate, discrete manufacturing, and professional services.
“We observed patterns in using the correct domain name but an incorrect TLD, or slightly spelling the company name wrong. These domains were registered just days before this email campaign began,” the Microsoft 365 Defender Threat Intelligence Team said.