{"id":126853,"date":"2023-05-19T03:00:00","date_gmt":"2023-05-19T10:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=126853"},"modified":"2025-06-18T05:58:57","modified_gmt":"2025-06-18T12:58:57","slug":"cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/","title":{"rendered":"Cyber Signals: Shifting tactics fuel surge in business email compromise"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Today we released the <a href=\"https:\/\/aka.ms\/CyberSignalsReport-4\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>fourth edition of Cyber Signals<\/strong><\/a><em> <\/em>highlighting a surge in cybercriminal activity around business email compromise (BEC). Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022.<sup>1<\/sup><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Successful BEC attacks cost organizations hundreds of millions of dollars annually. In 2022, the FBI\u2019s Recovery Asset Team (RAT) initiated the Financial Fraud Kill Chain (FFKC) on 2,838 BEC complaints involving domestic transactions with potential losses of more than USD590 million.<sup>2<\/sup>&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">BEC attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception. Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million BEC attempts with an adjusted average of 156,000 attempts daily.&nbsp;<\/p>\n\n\n\n<div class=\"alignwide is-style-vertical wp-block-bloginabox-theme-promotional\">\n\t\n<div class=\"promotional promotional--has-media promotional--media-right\">\n\t<div class=\"promotional__wrapper\">\n\t\t<div class=\"promotional__content-wrapper\">\n\t\t\t<div class=\"promotional__content\">\n\t\t\t\t\n\n<h2 class=\"wp-block-heading\" id=\"cyber-signals\">Cyber Signals<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft\u2019s Digital Crimes Unit has observed a 38 percent increase in cybercrime as a service targeting business email between 2019 and 2022.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button  is-full-width-on-mobile\"><a data-bi-an=\"Global CTA\" data-bi-ct=\"cta link\" data-bi-id=\"cta-block\" class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/aka.ms\/CyberSignalsReport-4\">Read the report<\/a><\/div>\n<\/div>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<div class=\"promotional__media-wrapper\">\n\t\t\t\t<div class=\"promotional__media\">\n\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1200\" height=\"800\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4-1.webp\" class=\"attachment-full size-full\" alt=\"graphical user interface, application\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<\/div>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"common-bec-tactics\">Common BEC tactics<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Threat actors\u2019 BEC attempts can take many forms\u2014including via phone calls, text messages, emails, or social media. Spoofing authentication request messages and impersonating individuals and companies are also common tactics.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of exploiting vulnerabilities in unpatched devices, BEC operators seek to exploit the daily sea of email traffic and other messages to lure victims into providing financial information, or taking direct action like unknowingly sending funds to money mule accounts that help criminals perform fraudulent money transfers.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike a \u201cnoisy\u201d ransomware attack featuring disruptive extortion messages, BEC operators play a quiet confidence game using contrived deadlines and urgency to spur recipients who may be distracted or accustomed to these types of urgent requests. Instead of novel malware, BEC adversaries align their tactics to focus on tools improving the scale, plausibility, and in-box success rate of malicious messages.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft observes a significant trend in <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/09\/21\/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation\/\">attackers\u2019 use of platforms like BulletProftLink<\/a>, a popular service for creating industrial-scale malicious mail campaigns, which sells an end-to-end service including templates, hosting, and automated services for BEC. Adversaries using this CaaS are also provided with IP addresses to help guide BEC targeting.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">BulletProftLink\u2019s decentralized gateway design, which includes Internet Computer blockchain nodes to host phishing and BEC sites, creates an even more sophisticated decentralized web offering that\u2019s much harder to disrupt. Distributing these sites\u2019 infrastructure across the complexity and evolving growth of public blockchains makes identifying them, and aligning takedown actions, more complex.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While there have been several high-profile attacks that take advantage of residential IP addresses, Microsoft shares law enforcement and other organizations\u2019 concern that this trend can be rapidly scaled, making it difficult to detect activity with traditional alarms or notifications.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although, threat actors have created specialized tools to facilitate BEC, including phishing kits and lists of verified email addresses targeting C-suite leaders, accounts payable leads, and other specific roles, there are methods that enterprises can employ to preempt attacks and mitigate risk.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">BEC attacks offer a great example of why cyber risk needs to be addressed in a cross-functional way with IT, compliance, and cyber risk officers at the table alongside executives and leaders, finance employees, human resource managers, and others with access to employee records like social security numbers, tax statements, contact information, and schedules.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"recommendations-to-combat-bec\">Recommendations to combat BEC<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Use a secure email solution<\/strong>: Today\u2019s cloud platforms for email use AI capabilities like machine learning to enhance defenses, adding advanced phishing protection and suspicious forwarding detection. Cloud apps for email and productivity also offer the advantages of continuous, automatic software updates and centralized management of security policies.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Secure Identities to prohibit lateral movement<\/strong>: Protecting identities is a key pillar to combating BEC. Control access to apps and data with Zero Trust and automated identity governance.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Adopt a secure payment platform<\/strong>:<strong> <\/strong>Consider switching from emailed invoices to a system specifically designed to authenticate payments<strong>.<\/strong>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Train employees to spot warning signs<\/strong>: Continuously <a href=\"https:\/\/www.microsoft.com\/security\/business\/cybersecurity-awareness\" target=\"_blank\" rel=\"noreferrer noopener\">educate employees to spot fraudulent and other malicious emails<\/a>, such as a mismatch in domain and email addresses, and the risk and cost associated with successful BEC attacks.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Read the <a href=\"https:\/\/aka.ms\/CyberSignals-4\"><strong>fourth edition of Cyber Signals<\/strong><\/a> today. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For more threat intelligence insights and guidance including past issues of Cyber Signals, visit <a href=\"https:\/\/www.microsoft.com\/security\/business\/security-insider\/\">Security Insider<\/a>.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To learn more about Microsoft Security solutions, visit our <a href=\"https:\/\/www.microsoft.com\/security\/business\">website<\/a>. Bookmark the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and Twitter (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\">End notes<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><sup>1<\/sup><a href=\"https:\/\/aka.ms\/CyberSignals-4\">Cyber Signals<\/a>, Microsoft. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><sup>2<\/sup><a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\/springfield\/news\/internet-crime-complaint-center-releases-2022-statistics\" target=\"_blank\" rel=\"noreferrer noopener\">Internet Crime Complaint Center Releases 2022 Statistics<\/a>, FBI. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Business email operators seek to exploit the daily sea of email traffic to lure victims into providing financial and other sensitive business information.<\/p>\n","protected":false},"author":162,"featured_media":127811,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"post_tag":[3909,3822,3809],"threat-intelligence":[],"content-type":[3662],"job-role":[],"product":[],"topic":[3664,3671],"coauthors":[2400],"class_list":["post-126853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-extortion","tag-microsoft-security-insights","tag-security-strategies","content-type-news","topic-ai-and-machine-learning","topic-email-security","review-flag-1-1694638265-354","review-flag-2-1694638266-864","review-flag-fbi-1694638267-194","review-flag-machi-1694638272-641","review-flag-percent"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-19T10:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-18T12:58:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Vasu Jakkal\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vasu Jakkal\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/vasu-jakkal\/\",\"@type\":\"Person\",\"@name\":\"Vasu Jakkal\"}],\"headline\":\"Cyber Signals: Shifting tactics fuel surge in business email compromise\",\"datePublished\":\"2023-05-19T10:00:00+00:00\",\"dateModified\":\"2025-06-18T12:58:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\"},\"wordCount\":772,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\",\"keywords\":[\"Extortion\",\"Microsoft Security Insights\",\"Security strategies\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\",\"name\":\"Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\",\"datePublished\":\"2023-05-19T10:00:00+00:00\",\"dateModified\":\"2025-06-18T12:58:57+00:00\",\"description\":\"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png\",\"width\":1200,\"height\":800,\"caption\":\"Graphic depicting phishing risks and other cybersecurity threats.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Signals: Shifting tactics fuel surge in business email compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/2ff2415cead9cfdb4ed02f46f3584c8b\",\"name\":\"Christine Barrett\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g83aac17c934e01fa04078f828a81e7db\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g\",\"caption\":\"Christine Barrett\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/christinebarrett\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog","description":"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/","og_locale":"en_US","og_type":"article","og_title":"Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog","og_description":"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/","og_site_name":"Microsoft Security Blog","article_published_time":"2023-05-19T10:00:00+00:00","article_modified_time":"2025-06-18T12:58:57+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","type":"image\/png"}],"author":"Vasu Jakkal","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","twitter_misc":{"Written by":"Vasu Jakkal","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/vasu-jakkal\/","@type":"Person","@name":"Vasu Jakkal"}],"headline":"Cyber Signals: Shifting tactics fuel surge in business email compromise","datePublished":"2023-05-19T10:00:00+00:00","dateModified":"2025-06-18T12:58:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/"},"wordCount":772,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","keywords":["Extortion","Microsoft Security Insights","Security strategies"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/","name":"Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","datePublished":"2023-05-19T10:00:00+00:00","dateModified":"2025-06-18T12:58:57+00:00","description":"Learn more about business email compromise (BEC) cybercrime as a service in the fourth edition of Cyber Signals.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/05\/1200x800_MSFTInsider_BlogHeader_CyberSignals4.png","width":1200,"height":800,"caption":"Graphic depicting phishing risks and other cybersecurity threats."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/19\/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Signals: Shifting tactics fuel surge in business email compromise"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/2ff2415cead9cfdb4ed02f46f3584c8b","name":"Christine Barrett","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g83aac17c934e01fa04078f828a81e7db","url":"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b728cebb84f75806ceab2b73f36f13d6472995e75fce66ebee75df4e6e5c0f85?s=96&d=microsoft&r=g","caption":"Christine Barrett"},"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/christinebarrett\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/126853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/162"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=126853"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/126853\/revisions"}],"predecessor-version":[{"id":139530,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/126853\/revisions\/139530"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/127811"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=126853"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/post_tag?post=126853"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=126853"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=126853"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/job-role?post=126853"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/product?post=126853"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=126853"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=126853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}