Business Email Compromise: A 10-Step Investigation Guide for Forensic Investigators
A field guide to investigating Business Email Compromise (BEC) intrusions in Office 365 — 10 steps covering scope, log collection, forwarding rules, login analysis, permission changes, OAuth2 abuse, evasion, data-access assessment, threat intelligence, and recommendations.