BEC Attacks Targeting K-12 School Teachers by Impersonating their Colleagues

On Tuesday, Microsoft warned in a series of posts on Twitter of a spike in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their peers.

A new increase in business email compromise (BEC) attacks demanding gift cards has been observed, specifically targeting K-12 school teachers. Attackers impersonate colleagues or school administrators to persuade recipients to buy gift cards, Microsoft Security Intelligence warned.

The attackers create fake email addresses impersonating K-12 school employees. The accounts are built on publicly available information that they gather from various websites or social media networks, and are then used to deliver scam emails to their targets.

Free email services, including Gmail, Outlook, Hotmail, iCloud, and Yahoo, are being abused by the attackers. Microsoft said the scammers did not use email spoofing, only newly registered accounts.

As is characteristic of BEC scams and phishing attacks, the threat actors use different lures and scenarios to create a sense of authenticity and urgency.

In some of the examples Microsoft posted on Twitter, the attackers asked victims to buy physical gift cards and send pictures of the cards, promising a swift refund.

According to Microsoft, the same threat actors previously used COVID-19 lures in related BEC gift card campaigns.

Responding to Microsoft's tweets, security analysts said that such BEC attacks have been underway for over a year, and that colleges, along with K-12 settings, are now being targeted.

Microsoft was unable to share details about the number of attack attempts detected. The company did not tie these incidents to prior BEC campaigns.

To stay safe from this form of BEC attack and other malicious activity, organizations are encouraged to use protection tools capable of detecting domain spoofing and impersonation attempts, and to instruct staff to remain careful about the nature of the communications they receive.
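One way to express the impersonation check described above, as an added example that is not from the article or from Microsoft: because the senders are genuine webmail accounts rather than spoofed ones, it compares the display name against a staff directory instead of relying on sender authentication. The staff directory, the `district.example` domain, the keyword list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Free webmail providers named in the article (domain spellings assumed).
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "icloud.com", "yahoo.com"}
# Hypothetical staff directory: normalized display name -> official address.
STAFF = {"dana whitfield": "dwhitfield@district.example",
         "lee ortiz": "lortiz@district.example"}
# Assumed lure wording: gift card requests plus urgency and refund promises.
LURE = re.compile(r"gift\s*cards?|urgent|right away|reimburse|refund", re.I)

def normalize(name):
    # Lowercase, drop punctuation and digits, collapse whitespace.
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def body_text(msg):
    # Join all text/plain parts, decoding any transfer encoding.
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_type() == "text/plain")

def classify(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    reasons = []
    official = STAFF.get(normalize(name))
    if official and addr != official:  # a colleague's name on a different mailbox
        reasons.append("staff display name on non-official address")
        if addr.rpartition("@")[2] in FREE_MAIL:
            reasons.append("sender uses free webmail")
        if LURE.search(msg.get("Subject", "") + "\n" + body_text(msg)):
            reasons.append("gift card or urgency wording")
    verdict = "quarantine" if len(reasons) == 3 else "review" if reasons else "pass"
    return verdict, reasons

# Constructed sample messages (not real traffic).
IMPERSONATION = """From: "Dana Whitfield" <dana.whitfield.k12@gmail.com>
Subject: Quick favor

I need you to buy gift cards right away and send me pictures. I will reimburse you.
"""
LEGIT = """From: Dana Whitfield <dwhitfield@district.example>
Subject: Staff raffle

The PTA donated gift cards for Friday's raffle.
"""
if __name__ == "__main__":
    for sample in (IMPERSONATION, LEGIT):
        print(classify(sample))
```

Exact display-name matching misses misspelled or reordered names, so a production rule would add fuzzy matching on top of this.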
