Cybercriminals use residential IP addresses near their victims to carry out stealthy BEC attacks
Nobody suspects a compromise when nothing looks out of place.
Microsoft reports that cybercriminals are using residential IP addresses located in the victim's region during BEC (business email compromise) attacks, so that their logins look local and evade detection.
BEC is a type of cyber fraud in which attackers use compromised or look-alike email addresses to send fraudulent money-transfer requests to employees responsible for making or approving payments. The request asks for money to be wired to bank accounts the attackers control. According to the FBI, about 22 thousand BEC complaints were registered in 2022, with losses exceeding $2.7 billion.
One of the newest tactics is to buy IP addresses from specialized residential IP services that match the victim's approximate location. This hides the true origin of the attackers' attempts to log in to email accounts, so location-based security controls see nothing suspicious.
“Armed with a local IP address and the credentials of a potential victim, attackers can make it much more difficult to detect their activities and open the way for further attacks,” Microsoft explains.
The Impossible Travel detection fires when the same account authenticates from two locations within a period too short to physically travel between them. If the user does not use a VPN service as part of their work, an impossible-travel alert is a reason to worry about account security. A login from a purchased residential IP in the victim's own area, however, looks like a short hop rather than an impossible one, so the flag stays silent.
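As an added example (this is illustrative code written for this page, not Microsoft's detection logic or anything from its report), here is the impossible-travel heuristic the paragraph describes, run over two constructed sign-in sequences: one where the attacker replays stolen credentials from a far-away data-centre address, and one where the attacker arrives from a purchased residential address a few dozen kilometres from the victim. The IP addresses, coordinates, timestamps and the 1,000 km/h plausibility threshold are all assumptions.

```python
"""Impossible-travel check over constructed sign-in events (added example).

Illustrative code for this page, not Microsoft's detection logic. Each
sign-in carries a source IP already geolocated to lat/lon; the check
computes the ground speed implied by consecutive sign-ins to the same
account and flags pairs faster than MAX_PLAUSIBLE_SPEED_KMH. All IPs,
coordinates and timestamps below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import math

EARTH_RADIUS_KM = 6371.0
# Assumption: anything faster than a commercial airliner counts as impossible.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    ip: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def detect_impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return (previous, current, implied_speed_kmh) for every flagged pair.

    Events are grouped per user and sorted by time. Two sign-ins from the
    same place never fire; two different places at the same instant are
    treated as infinite speed.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    flagged = []
    for evs in by_user.values():
        evs.sort(key=lambda e: e.ts)
        for prev, curr in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, curr.lat, curr.lon)
            if dist < 1.0:  # same place within geolocation jitter
                continue
            hours = (curr.ts - prev.ts).total_seconds() / 3600.0
            speed = math.inf if hours <= 0 else dist / hours
            if speed > max_speed_kmh:
                flagged.append((prev, curr, speed))
    return flagged


def _t(hhmm: str) -> datetime:
    """Build a UTC timestamp on a fixed sample date (constructed data)."""
    return datetime.fromisoformat(f"2023-05-15T{hhmm}:00+00:00")


# Constructed: the victim signs in from home in Chicago at 09:00 UTC; one hour
# later the attacker replays the stolen credentials.
VICTIM_HOME = SignIn("alice@example.com", _t("09:00"), "198.51.100.23", 41.8781, -87.6298)

# Scenario A: the attacker uses a hosting IP geolocated to Frankfurt.
DATACENTER_SCENARIO = [
    VICTIM_HOME,
    SignIn("alice@example.com", _t("10:00"), "203.0.113.77", 50.1109, 8.6821),
]

# Scenario B: the attacker bought a residential IP in a Chicago suburb (Naperville).
RESIDENTIAL_SCENARIO = [
    VICTIM_HOME,
    SignIn("alice@example.com", _t("10:00"), "198.51.100.240", 41.7508, -88.1535),
]


def run_demo() -> dict:
    """Run both scenarios and return how many alerts each one raises."""
    return {
        "datacenter_alerts": len(detect_impossible_travel(DATACENTER_SCENARIO)),
        "residential_alerts": len(detect_impossible_travel(RESIDENTIAL_SCENARIO)),
    }


if __name__ == "__main__":
    for name, scenario in (("data-centre IP", DATACENTER_SCENARIO),
                           ("residential IP", RESIDENTIAL_SCENARIO)):
        hits = detect_impossible_travel(scenario)
        print(f"{name}: {len(hits)} impossible-travel alert(s)")
        for prev, curr, speed in hits:
            print(f"  {prev.ip} -> {curr.ip}: {speed:,.0f} km/h implied")
```

Scenario A implies roughly 7,000 km covered in an hour and is flagged; scenario B implies about 45 km/h and raises nothing, which is exactly the gap the purchased residential address exploits. A real deployment would therefore pair this heuristic with signals the attacker cannot buy locally, such as device or session fingerprint changes and unfamiliar sign-in properties.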
“Residential IP addresses that match victims' locations provide cybercriminals with the opportunity to collect large volumes of compromised credentials and easily gain access to accounts,” Microsoft notes.
To prevent such attack scenarios, organizations are advised to:
- use a secure email solution;
- configure email rules that mark or block messages from external senders;
- use strong authentication methods;
- implement domain-based message authentication policies (DMARC, built on SPF and DKIM) to protect against spoofed emails;
- train employees to recognize fraudulent emails.
“Attacks on business email can take many forms, including phone calls, text messages, emails, or social media posts. Spoofing messages with authentication requests and impersonating other individuals or companies are also common tactics,” Microsoft warns.