Microsoft takes down domains used to scam Office 365 users
Microsoft's Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise campaign targeting the company's customers.
The domains taken down by Microsoft were so-called "homoglyph" domains, registered to resemble those of legitimate businesses.
According to the complaint filed by Microsoft last week, the scammers used the domains, registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH, as malicious infrastructure in BEC attacks against Office 365 customers and services.
"Defendants use malicious homoglyph domains together with stolen customer credentials to unlawfully access customer accounts, monitor customer email traffic, gather intelligence on pending financial transactions, and criminally impersonate O365 customers, all in an attempt to deceive their victims into transferring funds to the cybercriminals," Microsoft said.
These tactics line up with the methods used in BEC scams, where attackers employ various techniques to compromise business email accounts, which are later used to redirect payments to bank accounts under their control or to target employees as part of gift card scams.
Last month, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another large-scale BEC campaign.
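For defenders, the homoglyph domains described above can be flagged by reducing each observed sender domain to a "skeleton" and comparing it with the skeletons of the organisation's own domains. The following is an added example, not code from Microsoft or from the original article; the confusables table, the function names and the sample domains are constructed for illustration.

```python
import unicodedata

# Small illustrative confusables table (constructed for this example; a
# production check would load the full Unicode TR39 confusables data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "0": "o", "1": "l",                                          # digits
}
MULTI_CHAR = (("rn", "m"), ("vv", "w"))  # letter pairs that mimic one letter

def to_unicode(domain):
    """Lower-case a domain and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # undecodable label: compare it as written
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Map look-alike characters to one canonical form for comparison."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for seq, repl in MULTI_CHAR:
        text = text.replace(seq, repl)
    return text

def find_lookalikes(observed, protected):
    """Return (observed, imitated) pairs; exact matches are not flagged."""
    legit = {to_unicode(d) for d in protected}
    by_skeleton = {skeleton(d): d for d in protected}
    hits = []
    for dom in observed:
        if to_unicode(dom) in legit:
            continue  # the genuine domain itself
        target = by_skeleton.get(skeleton(dom))
        if target:
            hits.append((dom, target))
    return hits

if __name__ == "__main__":
    PROTECTED = ["example.com", "example.org"]          # constructed
    OBSERVED = ["example.com", "exarnple.com", "examp1e.com",
                "ex\u0430mple.org", "unrelated.net"]    # constructed
    for seen, imitated in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{seen!r} imitates {imitated}")
```

The check compares whole domains only, so look-alikes that also add or drop characters need an edit-distance pass on top of the skeleton comparison.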