Discovering Potential BEC Scam Vehicles through the DNS

Victims the world over lose billions to business email compromise (BEC) scammers each year [1]. And according to FBI IC3, the threat won’t slow down anytime soon.

WhoisXML API researchers expanded seven indicators of compromise (IoCs) connected to a BEC scam targeting executives discovered just this February [2] and found:

  • Five IP addresses to which some of the IoCs resolved
  • 700+ domains that shared the IoCs’ IP hosts, one of which turned out to be malicious
  • 1,200+ domains that contained foobar, the company the BEC scammers spoofed in their campaign, eight of which turned out to be malware hosts
  • 2,500+ domains that contained docusign, which the threat actors abused to supposedly host the document the victim needed to sign, 43 of which have been categorized as malicious by various malware engines
  • 10,000 domains that contained outlook, which the threat actors abused to send out their BEC scam emails, 30 of which have been tagged as malware hosts
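
The two pivots behind these findings (domains sharing an IoC's IP host, and domains containing a spoofed brand string) can be sketched as follows. This is an added example, not WhoisXML API's tooling: the records, IP addresses and the `foobar.example` allowlist entry are constructed, and skipping each brand's own domains goes beyond the plain string search described above.

```python
from collections import defaultdict

# Constructed sample data: documentation IP ranges and made-up domains.
IOC_IPS = {"203.0.113.10", "198.51.100.7"}
PASSIVE_DNS = [  # (domain, resolved IP)
    ("invoice-portal.example", "203.0.113.10"),
    ("docusign-secure-view.example", "198.51.100.7"),
    ("www.docusign.com", "192.0.2.50"),
    ("outlook-mailverify.example", "192.0.2.61"),
    ("Foobar-payments.example.", "192.0.2.62"),
    ("mail.foobar.example", "192.0.2.63"),
    ("unrelated.example", "192.0.2.64"),
]
# Brand string -> domains treated as legitimate. foobar.example is an assumed
# stand-in for the spoofed company's real domain.
BRANDS = {
    "foobar": {"foobar.example"},
    "docusign": {"docusign.com", "docusign.net"},
    "outlook": {"outlook.com"},
}

def normalize(domain):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return domain.strip().rstrip(".").lower()

def is_legitimate(domain, allowed):
    """True if domain is an allowlisted domain or one of its subdomains."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def shared_host_domains(records, ioc_ips):
    """Group domains that resolve to an IoC IP address, keyed by that IP."""
    out = defaultdict(set)
    for domain, ip in records:
        if ip in ioc_ips:
            out[ip].add(normalize(domain))
    return dict(out)

def brand_string_domains(records, brands):
    """Domains containing a brand string but outside the brand's own domains."""
    out = defaultdict(set)
    for domain, _ in records:
        d = normalize(domain)
        for brand, allowed in brands.items():
            if brand in d and not is_legitimate(d, allowed):
                out[brand].add(d)
    return dict(out)
```

Both functions return candidates only; as in the report, each candidate still needs a reputation or malware check before it is treated as malicious.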

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.slashnext.com/blog/latest-fbi-ic3-report-reveals-bec-and-crypto-scams-top-the-list-of-the-10-3-billion-losses-in-2022/
  • [2] https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365