BEC attack techniques are exploiting Microsoft 365 loopholes

Researchers have warned that business email compromise (BEC) attack techniques are exploiting Microsoft 365 ‘out of office’ and ‘read receipt’ message loopholes.

In this way, they are able to bypass the auto-remediation of a malicious email.

As reported on the Abnormal Security blog, malicious actors are able to do this by redirecting these two particular types of Office 365 replies back to them.

By manipulating the headers of the email, the perpetrators can redirect the automatic reply to the target instead of having it land in their own inbox.
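As an added illustration (not from the article or from Abnormal Security's research), the check below flags inbound mail whose reply-steering headers point to a different domain than the visible From address. The article does not name the headers involved; the example assumes the standard ones that decide where out-of-office replies, human replies and read receipts are sent.

```python
"""Flag inbound mail whose automatic-reply headers are steered away from
the visible sender, the precondition for redirected out-of-office and
read-receipt replies."""
from email import message_from_string
from email.utils import parseaddr

# Standard headers that decide where automatic responses go (assumed,
# not named on the page): out-of-office replies normally go to the
# envelope sender recorded in Return-Path, ordinary replies to Reply-To,
# and read receipts to Disposition-Notification-To (RFC 8098).
REPLY_STEERING_HEADERS = ("Return-Path", "Reply-To", "Disposition-Notification-To")


def _domain(header_value):
    """Lower-cased domain part of the first address in a header value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def find_redirected_replies(raw_message):
    """Return (header, address) pairs whose domain differs from From's."""
    msg = message_from_string(raw_message)
    sender_domain = _domain(msg.get("From"))
    findings = []
    for name in REPLY_STEERING_HEADERS:
        for value in msg.get_all(name, []):
            if _domain(value) and _domain(value) != sender_domain:
                findings.append((name, parseaddr(value)[1]))
    return findings


# Constructed sample: the visible sender is one domain, but every
# automatic response would be steered to an unrelated third domain.
SUSPICIOUS_MESSAGE = """\
From: "Accounts Payable" <ap@supplier.example>
To: finance@victim.example
Return-Path: <bounce@third-party.example>
Reply-To: <ap@third-party.example>
Disposition-Notification-To: <receipts@third-party.example>
Subject: Invoice 4471

Please confirm receipt of the attached invoice.
"""

# Constructed sample: all reply paths stay with the sending domain.
BENIGN_MESSAGE = """\
From: colleague@victim.example
To: finance@victim.example
Return-Path: <colleague@victim.example>
Subject: Lunch

Noon?
"""

if __name__ == "__main__":
    for name, addr in find_redirected_replies(SUSPICIOUS_MESSAGE):
        print(f"{name} steers automatic replies to {addr}")
```

Legitimate bulk senders also route bounces through a separate domain, so treat a hit as a triage signal to correlate with other indicators rather than a verdict.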

These attacks were seen in the US during December last year, when out-of-office replies and auto-responders were used more frequently.

The good news is that Abnormal Security was able to devise techniques that protect users from being victimised.

However, organisations that lack the proper protection are potentially still left vulnerable, as the attacks are rather clever in their design.

According to Tom Pendergast from MediaPro, taking advantage of the auto-responder cycle is what makes the attack so effective.

He revealed that these fraudulent messages have a feeling of legitimacy to them.

Those individuals who have decided to turn on auto-replies while they are away should remain on their guard.

However, with the right amount of training and education in cyber security, it is possible to identify the fraud for what it is.

Colin Bastable, chief executive officer at Lucy Security, finds the concept interesting due to the attackers exploiting Microsoft’s workflow and automation for delivery purposes in order to take an unsuspecting target for a ride.

He added that these attacks do not deliver a payload and they do not contain a link that takes the victim to a malicious website.

They are, however, a nuisance to deal with, so ignoring them is the recommended course of action.