Microsoft takes down domains used to scam Office 365 users (July 2021)

Microsoft's Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers.
The domains taken down by Microsoft were so-called "homoglyph" domains, registered to resemble those of legitimate businesses.
According to the complaint filed by Microsoft last week, the scammers used the domains, registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH, as malicious infrastructure in BEC attacks against Office 365 customers and services.
"Defendants use malicious homoglyph domains together with stolen customer credentials to unlawfully access customer accounts, monitor customer email traffic, gather intelligence on pending financial transactions, and criminally impersonate O365 customers, all in an attempt to deceive their victims into transferring funds to the cybercriminals," Microsoft said.
These tactics line up perfectly with the methods used in BEC scams, where attackers compromise business email accounts by various means and later use them to redirect payments to bank accounts under their control or to target employees as part of gift card scams.
Last month, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another large-scale BEC campaign.