Microsoft Removes Domains Used to Scam Office 365 Users

Share post:

Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s clients.

The domains captured by Microsoft were so-called “homoglyph” domains, which were registered as legitimate businesses and allowed fraudsters to pose as companies while communicating with their customers.

According to the complaint filed by Microsoft last week, they used the domains registered via NameSilo LLC and KS Domains Ltd. / Key-Systems GmbH as a malicious infrastructure in BEC attacks on Office 365 customers and services.

According to Microsoft, the criminals behind this campaign are “part of a massive network that appears to be based out of West Africa” and have mainly targeted North American small businesses operating in multiple industries.

This is not the first time that Microsoft has seen such incidents. In the past, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another massive BEC campaign.

In some cases, the methods of BEC fraudsters seem to lack sophistication, and their phishing emails may look distinctly malicious to some. BEC attacks are behind the record-breaking financial losses since 2018.

The FBI’s annual report on cybercrime lists a record $1.8 billion in losses reported last year alone.

In March, the FBI also warned of BEC attacks increasingly targeting U.S. state, local, tribal and territorial government units.

In other warnings sent out last year, the FBI warned of BEC scammers abusing automatic email forwarding and cloud email services such as Microsoft Office 365 and Google G Suite in their criminal activities.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs


Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways