The Exec Email Fraud Menace Continues: Crooks Net $15 Million Via Microsoft’s Cloud

Let's break down this clickbait headline.

Firstly: You can forget about this Microsoft cloud reference. Even though much of the action took place in Office365, it could just as easily have taken place on any other email system, and it is more the fault of the users than the platform itself. So if you use Office365, Azure, or any other Microsoft products, fear not. Just be sure you stick around until the end, where I'll share some tips on how you can avoid this type of mess.

The main focus of this article has to do with a very successful group of criminals and a well-coordinated wire fraud scheme.

The criminals essentially convinced the financial folks in several different organizations to wire money into their accounts by impersonating business partners.

They did this in two different ways.

  1. They gained direct access to an email account and sent the message from there.
  2. They registered domains similar to that of the person they wanted to impersonate and sent an email from there.

The example in the article shows forb3s.com as a domain that might easily be mistaken for forbes.com.
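One way to catch the second technique in a mail-triage script, as an added example that is not from the article being discussed: it flags sender domains that collapse onto, or sit within a small edit distance of, a domain you already do business with. The names `TRUSTED_DOMAINS` and `classify_sender`, the substitution table and the distance threshold are assumptions chosen for illustration.

```python
# Added example: flag sender domains that imitate a trusted partner domain.
# TRUSTED_DOMAINS is a constructed allow-list; replace it with your own partners.
TRUSTED_DOMAINS = {"forbes.com"}

# Digit-for-letter swaps commonly seen in lookalike registrations (assumed table).
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return (verdict, matched_domain); verdict is trusted, lookalike or unknown."""
    # Take everything after the last "@", tolerating "Name <user@domain>" headers.
    domain = address.rsplit("@", 1)[-1].strip(" <>\t\r\n.").lower()
    if domain in trusted:
        return "trusted", domain
    normalized = domain.translate(LOOKALIKE_MAP)
    for good in sorted(trusted):
        # Character swap that collapses onto a trusted domain (forb3s -> forbes).
        if normalized == good:
            return "lookalike", good
        # Typo-style near miss: a dropped, added or changed character.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("ap@forbes.com", "Accounts <ap@forb3s.com>",
                   "billing@forbs.com", "someone@example.org"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a reason to hold the message and verify by phone, not proof of fraud; short trusted domains will need a lower `max_distance` to avoid false positives.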

So what can we do to help?

Fixes

  • Have your Office365 instance properly secured
  • Implement a good password policy
  • Use MFA
  • Dark web monitoring to help with password security
  • Spam filtering service - not the stock filtering service that comes with Office365
  • Security awareness training
  • Have a process to confirm wire instructions that includes a secondary form of verification