It’s not actually an invite to collaborate.

Leave a Comment / Business, Cybersecurity, Email Security, Security, Technology / By

🚨 Security Alert: Business Email Compromise (BEC) Campaign Targeting Government Contractors
Date: June 17, 2025
Threat Level: High
Audience: Government Contractors and Client Partners

Summary:
Rolle IT has identified an active and sophisticated Business Email Compromise (BEC) campaign targeting government contractors and their clients. In this campaign, attackers are sending emails directly from legitimate, but compromised email accounts belonging to trusted partners, subcontractors, or government personnel. As a result, these messages appear authentic at first glance — they may pass SPF/DKIM checks and match known contacts in your address book.

However, the contents of the emails are malicious. The embedded links redirect to fraudulent document-sharing portals or credential harvesting sites. In many cases, the email signature blocks have been altered or spoofed — they may look familiar but include subtle changes or incorrect information.

This compromise prompts users to log into their OneDrive, allowing the bad actors access to critical systems and accounts.

Key Red Flags to Watch For:

Inflated Sense of urgency to complete a task
Unexpected document collaboration requests or urgent contract discussions
Hyperlinks pointing to suspicious or non-standard domains
Slight alterations in email signature details (phone numbers, job titles, etc.)
Odd tone or timing of emails from known contacts

What You Should Do:

Do not click on unexpected or unsolicited document links — even if they come from known contacts.
Verify independently via phone or a different communication method before responding or opening any attachments.
Report immediately to your IT or security team if you suspect compromise.
Ensure MFA is active on all user accounts and that staff are trained on BEC red flags.
Ensure you have appropriate Email Security Protection.

Need Assistance?

If your organization is targeted or if you have concerns about a suspicious message, contact Rolle IT Cybersecurity Services at [email protected].
hashtag#BEC hashtag#receipts hashtag#Rolleit hashtag#cybersecurity hashtag#ITRemediation hashtag#cybersecurity hashtag#emailsecurity

business email compromise warning

Leave a Comment

Your email address will not be published. Required fields are marked *