Tag

BEC

3 briefs RSS

O365 BEC Email Hiding Rule Creation

This analytic detects the creation of suspicious mailbox rules in Office 365, a common technique used in Business Email Compromise (BEC) to hide emails by identifying rules with short or nonsensical names, marking emails as read, or moving them to specific folders.

Office 365 +4 bec o365 email mailboxrule splunk threat-hunting

2r 1t 3w ago

high threat

Q1 2026 Email Threat Landscape: Rise in Phishing Techniques and Tycoon2FA Disruption

2 rules 1 TTP

In Q1 2026, email threats increased, including credential phishing, QR code phishing, and CAPTCHA-gated campaigns, with Microsoft's disruption of the Tycoon2FA phishing platform leading to a 15% volume decrease and shifts in threat actor tactics; BEC activity remained prevalent at 10.7 million attacks.

Microsoft Defender Storm-1747 email phishing credential-theft Tycoon2FA BEC

2r 1t Apr 30, 2026

medium advisory

Democratization of Business Email Compromise (BEC) Attacks

2 rules 2 TTPs 1 CVE 6 IOCs

Attackers are leveraging AI to rapidly reconnoiter and tailor content for smaller organizations, making it easier to execute business email compromise (BEC) scams and scam smaller sums from many victims, as demonstrated by a recent attack targeting a small community organization.

business-email-compromise bec ai social-engineering credential-harvesting exploitation

2r 2t 1c 6i Apr 3, 2026