The US District Court for the Eastern District of Virginia granted Microsoft the right to seize six malicious web domains that were being used for phishing operations. The attacks, delivered as coronavirus-themed emails, targeted victims in 62 countries and tricked them into granting hackers access to sensitive data. Microsoft announced the news in a blog post, saying it had been monitoring these criminals since 2019, when they developed a phishing scheme “to compromise Microsoft customer accounts.”
When these scams started, the phishers sent emails posing as Microsoft employees or partners. They attached files with names like “Q4 Report — Dec19,” hoping customers would take the bait. Once a recipient opened the file, the cybercriminals would prompt them to install a fake Office 365 app called “0365 Access.” That app gave the hackers access to the victim’s Office 365 account and let them collect emails, contacts, notes, and files.
But after the COVID-19 outbreak, the attackers stepped up their game and began using the pandemic to trick victims. They sent out emails with attachments like “COVID-19 Bonus.xlsx” at a time when companies were laying off employees or closing their doors. Business leaders and executives were the targets of these attacks, according to court documents. Recipients who clicked the file were likewise redirected to install the malicious app created by the hackers.
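The lure in both waves ends the same way: the victim is talked into installing a look-alike app (“0365 Access”) that holds mail, contact, note and file access on their behalf. A tenant administrator can catch that pattern by reviewing which third-party apps users have consented to. The script below is an added example (not Microsoft’s code and not part of the article): it runs over a constructed list of consent grants, folds common homoglyphs (digit zero for “o”, digit one and lowercase L for “i”) before comparing app names to imitated brand strings, and flags unverified publishers that hold broad data scopes. The sample data, the brand list and the permission names are assumptions for the example; the scope names merely follow the Microsoft Graph naming style.

```python
import re

# Constructed sample of OAuth app consent grants for a tenant, modelled on the
# "0365 Access" look-alike app the article describes. Every app name, publisher
# flag and scope list here is invented for this example; the scope strings only
# imitate the Microsoft Graph naming style (Mail.Read, Files.Read.All, ...).
SAMPLE_CONSENTS = [
    {"app": "Microsoft Teams", "publisher_verified": True,
     "scopes": ["User.Read"]},
    {"app": "0365 Access", "publisher_verified": False,
     "scopes": ["Mail.Read", "Contacts.Read", "Files.Read.All", "Notes.Read"]},
    {"app": "Expense Tracker", "publisher_verified": False,
     "scopes": ["User.Read"]},
    {"app": "Offlce 365 Sync", "publisher_verified": False,
     "scopes": ["Mail.ReadWrite"]},
]

# Brand strings a consent-phishing app typically imitates (assumed list).
IMITATED_BRANDS = ["office365", "o365", "microsoft", "outlook", "sharepoint", "onedrive"]

# Scope prefixes that give an app the reach the article describes:
# mail, contacts, notes and files.
SENSITIVE_SCOPE_PREFIXES = ("Mail.", "Contacts.", "Files.", "Notes.", "Sites.")

# Look-alike substitutions folded before comparison: digit zero for the
# letter o, digit one and lowercase L for the letter i.
_FOLD = str.maketrans({"0": "o", "1": "i", "l": "i"})


def canonical(name: str) -> str:
    """Lowercase, strip non-alphanumerics and fold common homoglyphs."""
    return re.sub(r"[^a-z0-9]", "", name.lower()).translate(_FOLD)


def brand_lookalike(name: str):
    """Return the imitated brand if the folded name contains one, else None."""
    folded = canonical(name)
    for brand in IMITATED_BRANDS:
        # Fold the brand too, so both sides use the same canonical alphabet.
        if canonical(brand) in folded:
            return brand
    return None


def sensitive_scopes(scopes):
    """Subset of the granted scopes that reach mail, contacts, notes or files."""
    return [s for s in scopes if s.startswith(SENSITIVE_SCOPE_PREFIXES)]


def review_consents(consents):
    """Return one finding per consent grant that deserves an admin's attention.

    A grant is flagged when the app name imitates a Microsoft brand but the
    publisher is unverified, or when an unverified publisher holds scopes over
    mail, contacts, notes or files. Verified publishers are not flagged here.
    """
    findings = []
    for grant in consents:
        if grant["publisher_verified"]:
            continue
        reasons = []
        brand = brand_lookalike(grant["app"])
        if brand:
            reasons.append(f"name imitates '{brand}' but publisher is unverified")
        risky = sensitive_scopes(grant["scopes"])
        if risky:
            reasons.append("unverified publisher holds " + ", ".join(risky))
        if reasons:
            findings.append({"app": grant["app"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_consents(SAMPLE_CONSENTS):
        print(finding["app"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

On the sample data this flags “0365 Access” on both counts and “Offlce 365 Sync” for its brand imitation and mail scope, while the verified first-party app and the narrowly scoped expense tool pass. In a real tenant the same two checks would be run against the consent grants exported from the identity provider rather than the inline list.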
This prompted Microsoft to secretly take legal action against these domains last month to seize them and shut them down. And it didn’t take long for the court to rule in favor of the company. But it was all under seal, meaning the scammers didn’t know about the imminent closure of their operation. Once Microsoft took control of the domains, it revealed details of the case.
“This unique civil case against COVID-19-themed [business email compromise] attacks has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers,” said Tom Burt, Microsoft Corporate Vice President. The six domains in question were:
Microsoft confirmed that the attacks weren’t state-sponsored, but declined to say whether it knew who was behind them. This isn’t the tech giant’s first rodeo, though. In March 2019, it seized 99 domains that belonged to hackers backed by the Iranian government. Then, in December that year, it shut down 50 domains operated by North Korean state-supported cybercriminals. And in March this year, Microsoft took over Necurs botnet domains.
Burt revealed that cybercriminals created the fake Microsoft app to access victims’ emails, files, contact lists, and other sensitive data. They would then use this information in business email compromise (BEC) scams and pose as legitimate employees or business partners. The goal of BEC attacks is to trick companies into redirecting transactions and payments to hackers’ bank accounts.
According to the FBI, BEC crimes resulted in a $1.7 billion loss in 2019, making BEC the costliest type of cybercrime complaint the Internet Crime Complaint Center (IC3) received that year. That figure represents almost half of all cybercrime-related financial losses, as per the FBI’s 2019 Internet Crime Report.
TheVPN.Guru offers plenty of online safety tips, like how to avoid phishing scams and browse the web anonymously with a VPN.