Back in May, Microsoft warned of a widespread gift card scam using a phishing technique called business email compromise (BEC) to get access to business information or to steal money. In this particular campaign, attackers were targeting various industries including real estate, consumer goods, agriculture, and more by using typosquatted domains to trick recipients into thinking that emails come from people they know.
Now, the Redmond tech giant has highlighted that it is fighting legal battles to ensure that it is not possible to use imposter domains in cyberattacks.
Microsoft says that its Digital Crimes Unit (DCU) secured a court order on July 16 to take down digital infrastructure being utilized by malicious actors. This was mainly around the use of imposter domains, which the company calls "homoglyphs". These were being used to impersonate Microsoft customers and engage in fraudulent activity.
Homoglyphs typically use typosquatting to register domain names that impersonate legitimate organizations by swapping characters for visually similar ones. Examples of this include "MlCROSOFT.COM" (a lowercase "l" in place of the "I") and "MICROS0FT.COM" (a zero in place of the "O") to impersonate "MICROSOFT.COM". Following Microsoft's legal engagement on this front, a judge in the Eastern District of Virginia sent a court order to domain registrars to disable services on malicious domains being used to impersonate the company.
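For defenders, the two look-alike names above can be caught by collapsing visually similar characters before comparing a sender domain against the domains an organization wants to protect. The following is an added example, not code from Microsoft or from the original article; the function names, the sample senders, and the small confusables map are assumptions made for illustration, and it expects domains already decoded to Unicode.

```python
import unicodedata

# Constructed subset of look-alike characters (assumption): a production check
# would use the full Unicode TR39 confusables data instead of this short map.
CONFUSABLES = {
    "0": "o",            # digit zero for the letter O
    "1": "l", "i": "l",  # digit one, and I/l, which look alike in many fonts
    "\u0430": "a",       # Cyrillic a
    "\u0435": "e",       # Cyrillic ie
    "\u043e": "o",       # Cyrillic o
    "\u0441": "c",       # Cyrillic es
    "\u0456": "l",       # Cyrillic/Ukrainian i, same class as i/l
}

def _canonical(domain: str) -> str:
    """Lowercase, fold compatibility forms (e.g. fullwidth), drop a trailing dot."""
    return unicodedata.normalize("NFKC", domain).lower().rstrip(".")

def skeleton(domain: str) -> str:
    """Comparison form in which look-alike characters collapse to one symbol."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in _canonical(domain))

def flag_lookalikes(sender_domains, protected_domains):
    """Return (sender, impersonated) pairs: same skeleton, different real name."""
    protected = {skeleton(d): _canonical(d) for d in protected_domains}
    hits = []
    for sender in sender_domains:
        target = protected.get(skeleton(sender))
        # An exact match is the genuine domain; only near-identical names are flagged.
        if target is not None and _canonical(sender) != target:
            hits.append((sender, target))
    return hits

# Constructed sample input: the article's two examples, a Cyrillic-o variant,
# the genuine domain, and an unrelated domain.
SAMPLE_SENDERS = [
    "MlCROSOFT.COM",
    "MICROS0FT.COM",
    "micros\u043eft.com",
    "MICROSOFT.COM",
    "example.org",
]

if __name__ == "__main__":
    for sender, target in flag_lookalikes(SAMPLE_SENDERS, ["microsoft.com"]):
        print(f"look-alike sender {sender!r} imitates {target!r}")
```

A check like this only covers character substitution; names that add or drop letters need an edit-distance comparison on top of it.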
Microsoft says that homoglyphs have been used in a lot of BEC attacks across various industries all over the globe, with malicious actors being able to gain customer credentials, have funds transferred to their accounts, and even gain access to the network of customers of their target. Microsoft has highlighted that criminals using this technique appear to be motivated by financial benefits rather than political ones.
The Redmond tech giant went on to say that:
Often, once detected or addressed by Microsoft through technical means, these criminals move their malicious infrastructure outside the Microsoft ecosystem and onto third-party services in an attempt to continue their illegal activities. With this case, we secured an order which eliminates the defendants’ ability to move these domains to other providers. The action will further allow us to diminish the criminals’ capabilities and, more importantly, obtain additional evidence to undertake further disruptions inside and outside court. This disruption effort follows 23 previous legal actions against malware and nation-state groups that we’ve taken in collaboration with law enforcement and other partners since 2010.
Microsoft says that it will continue to fight sophisticated and malicious activity such as the use of homoglyphs through digital means and by collaborating with law enforcement agencies on behalf of its customers as well. The company has encouraged the use of Microsoft Defender for Office 365 and the Microsoft 365 Message Center to protect your organization against BEC attacks and stay updated on the latest notifications on this topic, respectively.