Threats Tagged 'business email compromise'
New widespread EvilTokens kit: device code phishing as-a-service

EvilTokens is a new Phishing-as-a-Service offering a turnkey Microsoft device code phishing kit. It enables attackers to harvest access and refresh tokens, granting unauthorized access to victims' Microsoft accounts. The kit supports post-compromise operations, allowing data exfiltration from various Microsoft services. EvilTokens has been rapidly adopted by cybercriminals since March 2026, impacting organizations globally. The service provides advanced capabilities for account takeover, including conversion of harvested tokens into Primary Refresh Tokens and browser cookies for persistent access. Phishing campaigns using EvilTokens target employees in finance, HR, logistics, and sales, primarily for Business Email Compromise attacks.

Severity: Medium | Type: Campaign | Source: AlienVault OTX General | 03/31/2026, 16:14:29 UTC | Added: 03/31/2026, 18:38:16 UTC

Pro-Iranian Nasir Security is Targeting the Energy Sector in the Middle East

A new cybercriminal group, Nasir Security, believed to be associated with Iran, is targeting energy organizations in the Middle East. It focuses on attacking supply chain vendors involved in engineering, safety, and construction. The group emerged in October 2025 and has claimed attacks on various energy sector companies, including Dubai Petroleum, CC Energy Development, and Al-Safi Oil Company. However, its claims are likely exaggerated, and the actual breaches appear to be of third-party contractors. The group's tactics include business email compromise, spear phishing, and exploitation of public-facing applications. Its activities are seen as part of a broader Iranian strategy to conduct cyberattacks and spread misinformation during ongoing geopolitical conflicts.

Severity: Medium | Type: Campaign | Source: AlienVault OTX General | 03/23/2026, 18:36:23 UTC | Added: 03/23/2026, 21:15:50 UTC

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

RedVDS, a virtual dedicated server provider, has been used by multiple financially motivated threat actors for business email compromise, phishing, account takeover, and financial fraud. The service offers inexpensive Windows-based RDP servers with full administrator control, attracting cybercriminals worldwide. Microsoft's investigation revealed a global network targeting multiple sectors across various countries. RedVDS provisions every server from a single, cloned Windows host image, leaving unique technical fingerprints. The service is paid for in cryptocurrency and supports various digital currencies. Microsoft's analysis uncovered the infrastructure, provisioning methods, and tools deployed on RedVDS hosts, including mass mailers, email harvesters, privacy tools, and automation scripts.

Source: AlienVault OTX General | 01/14/2026, 19:24:49 UTC | Added: 01/15/2026, 11:31:55 UTC

Microsoft 365 Direct Send Abuse: Phishing Risks & Security Recommendations

Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails, bypassing perimeter security solutions by routing malicious messages through trusted infrastructure. This technique requires no credentials, only knowledge of the target domain and valid recipient addresses. The attack process involves identifying organizational domains, crafting emails impersonating internal users, and delivering them through Microsoft 365's infrastructure. Recent campaigns have successfully harvested credentials and established footholds within targeted environments. Attackers use automated tools to generate convincing business-themed lures, often using PDF and DOCX attachments with QR codes or obfuscated HTML that lead to phishing pages. The abuse of Direct Send represents a critical gap in email security defenses, particularly for organizations that rely heavily on email communications.

Source: AlienVault OTX General | 08/18/2025, 14:16:17 UTC | Added: 08/18/2025, 14:32:57 UTC

NET RFQ: Request for Quote Scammers Casting Wide Net to Steal Real Goods

This intelligence analysis examines a widespread Request for Quote (RFQ) scam that exploits net-terms financing to steal high-value electronics and goods. The scammers pose as procurement agents for legitimate companies, using stolen information and lookalike domains to appear credible. They request quotes for specific items and inquire about Net 15/30/45-day financing, so that goods ship before payment is due. Once credit is approved, they provide shipping addresses, often using freight forwarding services or residential addresses. The scammers rely on a network of shipping services, warehouses, and money mules to facilitate their operations. Key characteristics of the scam include urgent financing requests, suspicious delivery addresses, and the use of free email accounts. Mitigation efforts included domain takedowns and interception of fraudulent shipments.

Source: AlienVault OTX General | 07/23/2025, 08:02:21 UTC | Added: 07/23/2025, 09:17:44 UTC