Microsoft Warns of New Sophisticated Phishing Scams

The company highlights new tactics being used by scammers in a recently published threat intelligence report.

A recently released Microsoft threat intelligence report has revealed that hackers are purchasing residential IP addresses close to businesses they’re targeting to better avoid fundamental security detection processes.

This is one of several sophisticated tactics fueling a surge in effective business email compromise attacks. Microsoft says there’s been a 38 percent increase in Cybercrime-as-a-Service targeting business email between 2019 and 2022.

Although password managers are generally considered a secure way to manage your personal passwords, from a business perspective, passwordless authentication is safer, as it means credentials are traveling around networks less and less.

Business Email Compromise: A Growing Threat

Microsoft’s Threat Intelligence Digital Crimes Unit detected 35 million business email compromise (BEC) attempts between April 2022 and April 2023, which amounts to an average of 156,000 attacks a day over the same period.

Microsoft says it closed down 416,678 malicious URLs between May 2022 and April 2023.

The company also revealed in their 2023 Cyber Signals report the most common types of phishing mail that unsuspecting victims are receiving right now, based on data from January to April of 2023:

Phishing mail by type, shown on pie chart

Hackers Buy IP Addresses to Avoid “Impossible Travel” Flags.

Microsoft says it’s charted an “increase in sophistication” of tactics used by malicious actors that specialize in compromising the emails of business people.

Specifically, attackers are turning to platforms like BulletProfitLink – which provides “hosting and automated services” that can aid business email compromise attacks – in greater numbers.

Alongside trying to steal usernames and passwords via BEC, threat actors are also buying IP addresses from residential IP services that correspond to the location of their targets.

This helps the attackers skirt around “Impossible Travel” flags and more easily create backdoors in target networks.

“Impossible Travel” is a detection used to indicate that a user’s account may be compromised. Simply put, if a user seemingly connects from two different geographical locations at two different times, and the time between those locations couldn’t have been made through normal air travel, it’s flagged as suspicious.

A localized IP address, however, acts as a cloak against this detection – which is why they’re being purchased by scammers and hackers.

Protect Yourself Online

A good VPN like Surfshark can help keep your data secure

How Can You Protect Your Company From Business Email Compromise?

To keep yourself and your business secure, Microsoft suggests configuring your email system to flag mail from external parties, as well as educating staff on the telltale signs of phishing emails.

This is particularly crucial as threat actors change their tactics regularly. But further, tools like ChatGPT – which can churn out cogent, mistake-free email copy in seconds – mean that standards of spelling and grammar hold less weight when deciding whether an email is genuine in 2023 than at any other time.

As we mentioned in the introduction, password managers can be a great way to ensure all your personal passwords are long and unique, but Microsoft suggests moving towards a passwordless verification system, to minimize credential usage.

The tech giant also recommends adopting a secure payment system so you’re not getting invoices emailed directly to your inbox. It might seem like a long checklist, but with email compromise attacks on the rise, it’s better to be safe than sorry.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Aaron Drapkin is's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals