Microsoft takes down domains used to scam Office 365 users (July 2021)
Microsoft's Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise campaign targeting the company's customers.
The domains taken down by Microsoft were so-called "homoglyph" domains, registered to resemble those of legitimate businesses.
According to the complaint filed by Microsoft last week, the defendants used the domains, registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH, as malicious infrastructure in BEC attacks against Office 365 customers and services.
"Defendants use malicious homoglyph domains together with stolen customer credentials to unlawfully access customer accounts, monitor customer email traffic, gather intelligence on pending financial transactions, and criminally impersonate O365 customers, all in an attempt to deceive their victims into transferring funds to the cybercriminals," Microsoft said.
These tactics line up with the methods used in BEC scams, where attackers compromise business email accounts by various means and later use them to redirect payments to bank accounts under their control or to target employees as part of gift card scams.
Last month, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another large-scale BEC campaign.