Common Oauth Apps Used in Business Email Compromise
This article serves as another place to document some common (and not so common) Oauth applications that are abused for malicious purposes during a BEC. Some are well documented, while…
Malicious Usage of eM Client In Business Email Compromise
If you've found your way to this article, it's likely because you have found a suspicious application content for eM Client. This is an application that is similar in it's…
Syne’s Declassified O365 Email Compromise Investigation Guide
AKA newb's guide to investigating an email compromise. (Yes, I did spend 3x the amount of time making that image then I did writing the article, what about it??) Disclaimer…
Malicious Azure Application PERFECTDATA SOFTWARE and Microsoft 365 Business Email Compromise
Edit 04/13/25: The newest version of the software behind this application has changed. Now, the application's name within a tenant will be Mail_Backup. The app id is now 2ef68ccc-8a4d-42ff-ae88-2d7bb89ad139. Most…