Microsoft is warning of a large-scale BEC campaign that targeted more than 120 organizations with gift card scam.

The attackers targeted organizations in multiple industries, including the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors. The threat actors leverage typo-squatted domains to trick the recipients into believing that the emails were originating from valid senders.

The emails employed in this campaign starts with a vague request, such as “I need you to do a task for me” or “Let me know if you’re available.”Upon replying to the email, the attacker will demand for a gift card. In some cases, attackers directly requested a gift card to the recipient.

The registered domains did not always align with the organization being impersonated in the email. This could have been a mistake on the actor’s part, as BEC domains are typically designed to closely mimic the impersonated organization.

Experts pointed out that attackers show high reconnaissance skills that were used to gather intelligence on the targets and target the rights employees within the organizations.

Attackers are also faking the In-Reply-To and References headers to add an extra air of legitimacy to the email.

This characteristic sets this campaign apart from most BEC campaigns, where attackers simply include a real or specially crafted fake email, adding the sender, recipient, and subject, in the new email body, making appear as though the new email was a reply to the previous email.