chat
expand_more

New BEC Attacks Target Read Receipt and Out-of-Office Reply Loophole

Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole...
January 26, 2021

Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole to their advantage in the hopes of a successful BEC attempt. These attacks were observed over the holidays in December 2020, where out-of-office replies and auto-responders are more prevalent.

Read Receipts Attack

In this attack, the scammer prepares a BEC attack such as an extortion email, and manipulates the email headers (“Disposition-Notification-To”) so the target would receive a read receipt notification from M365, instead of the attacker. The extortion email is sent, gets by traditional security solutions and lands in the employee inbox, where it is auto-remediated by Abnormal.

However, even though the original extortion email was auto-remediated, the manipulated email header triggered a read receipt notification back to the target that includes the text of the extortion.

Abnormal now auto-remediates read receipt notifications if they are preceded by a malicious email. However, for organizations without this protection, employees are vulnerable to these cleverly configured attacks that can reach the inbox.

Out of Office Reply Attack

Similar to the read receipts scam, in this type of attack the scammer prepares an extortion email and manipulates the email headers (“Reply-To”). The difference here is, if the target has an Out of Office Reply turned ON, the notification can be directed to a second target within the organization, not the attacker.

As with the Read Receipts attack, the extortion email gets by traditional security solutions and lands in the employee inbox, where it is auto-remediated by Abnormal.

Even though the original extortion email was auto-remediated, the manipulated email header triggered an Out of Office reply to a second target that includes the text of the extortion.

Abnormal has developed techniques to remove unwanted Out of Office and auto-reply messages stemming from malicious emails. For organizations lacking protection in this area, these emails cause alarm and confusion.

To protect your organization from never-before-seen attacks that get past traditional email security solutions such as these, request a demo of the Abnormal Security platform.

New BEC Attacks Target Read Receipt and Out-of-Office Reply Loophole

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B 2024 Cybersecurity Predictions
As AI becomes more prevalent in the new year, discover how our experts believe the world will change—for both good and bad.
Read More
B 11 27 23 ATO Stats
Account takeover allows threat actors to steal sign-in credentials and access an organization's network. Read some eye-popping stats about ATO cost and frequency.
Read More
B Unmasking Vendor Fraud
Learn about the techniques, tools, and technologies we use to train the models that form the backbone of our vendor fraud detection.
Read More
B ISC2
Get the latest insights from the 2023 ISC2 Cybersecurity Workforce Study, including which skills are most sought-after, how careers have changed, and how AI is affecting the industry.
Read More
B Good Bad Ugly Future of AI
Hear about positive and malicious use cases of AI and how to protect against novel threats in this recap from Chapter 3 of our Convergence of AI + Cybersecurity series.
Read More
B Cryptocurrency Donations Attack
Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
Read More