Skip to main content

Microsoft investigation confirms scammers still use the oldest tricks in the book

Outlook vs Windows Mail
Outlook vs Windows Mail (Image credit: Windows Central)

What you need to know

  • A Microsoft 365 Defender Threat Intelligence Team report breaks down a common gift card scam.
  • The report shows that scammers are still using some of the oldest schemes to steal money.
  • A specific campaign looked at by Microsoft accidentally didn't use the right organization name when claiming to send company emails.

Spam emails are a constant in the modern world. Whether it's a personal or work email address, most people are inundated with all sorts of scams and schemes. A new study (opens in new tab) from the Microsoft 365 Defender Threat Intelligence Team breaks down one of the more common schemes, business email compromise (BEC) attacks.

These types of attacks try to trick people into approving payments, transferring money, or in the case of a specific campaign looked at by Microsoft, purchasing gift cards.

These types of attacks center around tricking people who might not look at the recipient email address. A scammer will send an email pretending to be from someone's boss or someone in authority and then ask for funds in one way or another.

Frequently, scammers use typo-squatted domains, which are fake domains that look real at a glance. For example, a scammer may add a letter to a website domain, like microsofft.com.

These types of attacks are quite old, but they're presumably still in use because they're effective. Scammers wouldn't keep using the same tactics if they didn't work. The fact that Microsoft Defender for Office 365 detects and blocks these threats could also indicate that people need to be protected from them.

Microsoft's report isn't written to be comedic, but it does highlight a silly mistake made by a specific set of scammers. The campaign that Microsoft covers in its post didn't use the correct organization names when trying to trick people. It would be like if someone claimed to be your boss but said they worked for the wrong company.

Sean Endicott is the news writer for Windows Central. If it runs Windows, is made by Microsoft, or has anything to do with either, he's on it. Sean's been with Windows Central since 2017 and is also our resident app expert. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

2 Comments
  • You just can't beat a good grift but MY GOD how are we still this dumb?!? 👀
  • A fool and their money... Scammers pray on the stupid. It's honestly hard to feel bad for individuals that fall for them most of the time. I still feel though that ransomware attacks need to be reclassified as terrorism. Kill anyone that takes down hospitals, or even governments.