Microsoft seizes domains used in COVID-19 phishing attacks

The tech giant's bid to take down websites used in business email compromise attacks was accepted by US court

A US District Court has accepted a bid from Microsoft to seize and take control of web domains used in phishing attacks that exploit concerns around the coronavirus. 

The tech giant announced that it's Digital Crimes Unit (DCU) had taken down a business email compromise operation on Tuesday. 

The unit first observed the criminal activity in December 2019, when a sophisticated phishing scheme designed to compromise Microsoft customer accounts was deployed. 

The hackers attempted to infiltrate customer email accounts, contact lists, sensitive documents and more in order to send emails to companies that look like they came from a trusted source. The overall goal was to steal information or redirect wire transfers.

When the group first began carrying out its scheme, the phishing emails contained deceptive messages associated with generic business activities. Malicious links were titled 'Q4 Report - Dec19', for instance. Microsoft said it used technical means to block the criminal activity and disable the malicious applications.

However, the same criminals attempted a fresh campaign using COVID-19-related phishing emails to target victims. The emails were designed to look like they originated from an employer or other trusted sources, Microsoft said. These were used to targeted business leaders across a number of industries.

"Today, the US District Court for the Eastern District of Virginia unsealed documents detailing Microsoft's work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world," Tom Burt, corporate VP of customer security & trust wrote in a blog. "Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminal's infrastructure so that it can no longer be used to execute cyberattacks." US businesses lost more than $1.7 billion as a result of business email compromise attacks, according to the FBI. 

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021
X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021