Microsoft Removes Domains Used to Scam Office 365 Users

Share post:

Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s clients.

The domains captured by Microsoft were so-called “homoglyph” domains, which were registered as legitimate businesses and allowed fraudsters to pose as companies while communicating with their customers.

According to the complaint filed by Microsoft last week, they used the domains registered via NameSilo LLC and KS Domains Ltd. / Key-Systems GmbH as a malicious infrastructure in BEC attacks on Office 365 customers and services.

According to Microsoft, the criminals behind this campaign are “part of a massive network that appears to be based out of West Africa” and have mainly targeted North American small businesses operating in multiple industries.

This is not the first time that Microsoft has seen such incidents. In the past, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another massive BEC campaign.

In some cases, the methods of BEC fraudsters seem to lack sophistication, and their phishing emails may look distinctly malicious to some. BEC attacks are behind the record-breaking financial losses since 2018.

The FBI’s annual report on cybercrime lists a record $1.8 billion in losses reported last year alone.

In March, the FBI also warned of BEC attacks increasingly targeting U.S. state, local, tribal and territorial government units.

In other warnings sent out last year, the FBI warned of BEC scammers abusing automatic email forwarding and cloud email services such as Microsoft Office 365 and Google G Suite in their criminal activities.

For more information, read the original story in BleepingComputer.


Related articles

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Google’s Gemini AI caught scanning private Google Drive documents without permission

Google's Gemini AI has come under fire for scanning private PDF documents in Google Drive without user consent....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways