CyberSecurityBoard
Sponsor Register Login

Hackers Leveraging Compromised Email Server To Send Fraudulent Emails

In a sophisticated business email compromise (BEC) attack recently uncovered by Trend Micro Managed XDR team, threat actors exploited a compromised third-party email server to conduct fraudulent financial transactions between business partners. Rather than simply sending fraudulent emails, the threat actors patiently inserted themselves into legitimate email threads between business partners, gradually replacing recipient addresses with their own controlled accounts while maintaining the appearance of normal communication. While the security analysts at Trend Micro noted that the attackers continued manipulating the conversation over several days, eventually causing Partner B to deposit funds into the threat actor’s account instead of Partner A’s legitimate account. The scheme, which unfolded over several days, involved manipulating email conversations between three business partners, ultimately leading to funds being transferred to accounts controlled by the attackers. What makes this attack particularly concerning is how the threat actors maintained two separate conversations – one with each legitimate partner – while neither partner realized they were communicating with the attackers rather than each other. The precise technical mechanism involved a compromised email server with insecure configurations that allowed emails to pass Sender Policy Framework (SPF) authentication despite not originating from authorized domains. Security experts recommend implementing proper DMARC enforcement, DKIM email signing, and establishing out-of-band verification protocols for financial transactions. The attack began when the threat actor intercepted an email reminder about an invoice sent from Partner A to Partner B. The threat actor initially inserted themselves into the email chain, after this they eventually took complete control of the conversation by separating the legitimate partners. Multi-factor authentication, digital signatures for emails containing financial instructions, and verification protocols between business partners remain essential defenses against these increasingly sophisticated BEC attacks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 05:55:13 +0000


Cyber News related to Hackers Leveraging Compromised Email Server To Send Fraudulent Emails

10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
2 weeks ago Cybersecuritynews.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
5 months ago Esecurityplanet.com
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
1 year ago Securityboulevard.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
How to Encrypt Emails in Outlook? - If you are sending out a confidential email and are scared of its content getting tampered with in transit, then you should learn how to encrypt an email in Outlook. As of 2023, the global email encryption market size is USD 6.2 billion, which is ...
1 year ago Securityboulevard.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Beware: PayPal "New Address" feature abused to send phishing emails - The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase confirmation for a MacBook M4, and to call the enclosed PayPal number if you did not authorize the purchase. The goal of ...
2 weeks ago Bleepingcomputer.com
Hackers Leveraging Compromised Email Server To Send Fraudulent Emails - In a sophisticated business email compromise (BEC) attack recently uncovered by Trend Micro Managed XDR team, threat actors exploited a compromised third-party email server to conduct fraudulent financial transactions between business partners. ...
3 hours ago Cybersecuritynews.com
February 1, 2024: A Date All Email Senders Should Care About - For any organization sending bulk email or high email volumes to Google and Yahoo accounts, there's one date you should have flagged on your calendar. On February 1st, guidance indicates you'll need to pay attention if you are sending over 5000 ...
1 year ago Feedpress.me
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
1 year ago Securityboulevard.com
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
1 year ago Itsecurityguru.org
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
1 year ago Itsecurityguru.org
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
10 months ago Securityboulevard.com APT29
Russian-Backed Hackers Target High-Value US, European Entities - Hackers linked to Russia's military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North ...
1 year ago Securityboulevard.com CVE-2023-23397 CVE-2023-38831 Fancy Bear APT28
Chinese Earth Krahang hackers breach 70 orgs in 23 countries - A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the ...
11 months ago Bleepingcomputer.com CVE-2023-32315 CVE-2022-21587 Earth Lusca GALLIUM
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
1 year ago Techtarget.com
Microsoft takes down websites used to create 750 million fraudulent accounts - Microsoft seized certain websites run by a Vietnam-based group that created roughly 750 million fraudulent Microsoft accounts after the software maker received a court order a week ago from the Southern District of New York. Posting to its blog Dec. ...
1 year ago Packetstormsecurity.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
10 months ago Bleepingcomputer.com APT29
Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse - After a relatively quiet final Patch Tuesday of 2023, Microsoft published warnings this week about the potential for gift card fraud and hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a ...
1 year ago Therecord.media
Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
1 year ago Darkreading.com
DocuSign scam targeted more than 10,000 inboxes: report - Scammers used a malicious DocuSign document in a campaign that tried to steal credentials belonging to more than 10,000 people across several organizations. Researchers at cybersecurity company Armorblox said the brand impersonation campaign targeted ...
2 years ago Therecord.media
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks - A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious ...
1 year ago Darkreading.com Black Basta
Hackers Use Fake DocuSign Templates to Scam Organizations - A surge in phishing attacks that use emails appearing to be from DocuSign is being fueled by a Russian dark web marketplace that has a wide range of take templates and login credentials. Eventually, the search led them to the Russian marketplace, ...
9 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)