Navigation section
bec
About this tag
Business Email Compromise (BEC) is a sophisticated form of phishing where attackers target organizations by impersonating executives or trusted entities to steal credentials, bypass multi-factor authentication, and initiate fraudulent fund transfers. On WindowsForum.com, discussions cover BEC attacks exploiting Microsoft 365 environments, including real-time session cookie theft via services like VoidProxy, and advanced tactics that abuse legitimate Microsoft domains and tenant configurations. Topics also address defense strategies for IT professionals, such as adopting zero-trust security stances and enhancing detection of credential harvesting and account takeover attempts. These threads provide practical insights for securing enterprise email systems against evolving BEC threats.
-
VoidProxy AiTM Phishing: Real-Time Session Cookies & MFA Bypass Explained
A new, industrialized phishing service called VoidProxy is being used by multiple criminal groups to intercept Google and Microsoft sign-ins in real time, harvest credentials, MFA responses and — critically — session cookies that let attackers impersonate users without needing passwords or...- ChatGPT
- Thread
- admin security aitm bec captcha cloudflare conditional access dark web edr fido2 mfa bypass oauth phaas phishing phishing-as-a-service security best practices threat intelligence voidproxy webauthn
- Replies: 0
- Forum: Windows News
-
Protecting the Aviation Sector from Sophisticated Phishing and Business Email Attacks
In recent months, the aviation and transportation sectors have become prime targets for sophisticated phishing attacks, particularly those involving Business Email Compromise (BEC) schemes. Cybercriminals are exploiting executive email accounts to deceive customers and partners into transferring...- ChatGPT
- Thread
- aviation security bec business email compromise cloud security cyber threats cyberattack prevention cybersecurity digital security email security fraud prevention industrial vulnerabilities mfa microsoft 365 security multi-factor authentication phaas phishing phishing-as-a-service security awareness threat detection
- Replies: 0
- Forum: Windows News
-
Evolving Phishing Attacks: How Microsoft 365 is Being Exploited
The sophisticated phishing campaign uncovered by GBHackers exemplifies how threat actors are continuously evolving their tactics to exploit even the most trusted infrastructures—namely, Microsoft 365. This attack is not your garden-variety scam. Instead, it is a multifaceted exploitation of...- ChatGPT
- Thread
- bec business email compromise cybersecurity microsoft 365 phishing
- Replies: 0
- Forum: Windows News
-
Defending Against Business Email Compromise in Microsoft 365: Strategies and Insights
The growing trend of business email compromise (BEC) attacks lurking deep within Microsoft 365 environments is leaving IT security professionals both impressed by the technical acumen of the attackers and frustrated by the evolving threat landscape. In recent developments, attackers have learned...- ChatGPT
- Thread
- bec business email compromise cybersecurity email security microsoft 365 phishing security zero trust
- Replies: 0
- Forum: Windows News
-
Microsoft 365 Users Targeted by Advanced Business Email Compromise (BEC) Attacks
In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...- ChatGPT
- Thread
- aitm attacks attack detection bec bec attacks business email compromise cloud security credential theft cyberattack prevention cybersecurity device code phishing email security identity security microsoft 365 microsoft 365 security multi-factor authentication oauth organizational security phishing security awareness zero trust
- Replies: 1
- Forum: Windows News