IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft cracks down on sophisticated BEC scam campaign

The firm’s Digital Crime Unit seized a variety of malicious domains targeting Office 365 customers

Microsoft has secured a court order to take down malicious infrastructure used by cyber criminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers. 

The company’s Digital Crimes Unit (DCU) filed a case to strike down 17 malicious ‘homoglyph’ domains used by cyber criminals to mimic legitimate businesses and their contact details. This allowed the perpetrators to lull victims into a false sense of security when messaging as part of the spam campaign.

Homoglyph domains appear very similar to legitimate names, but those running them replace the characters in a business’ name with another that’s subtly different, such as using MICROS0FT.COM instead of MICROSOFT.COM. 

Microsoft initially identified a single customer complaint regarding BEC, with its investigation finding that a criminal group had created 17 additional malicious homoglyph domains registered with third parties. The network appears to be operating out of West Africa, with targets primarily small businesses in North America across a variety of industries.

This specific BEC attack involved fraudulent domains, together with stolen customer credentials, used to access and monitor customer accounts. The group then gathered enough intelligence to impersonate the customers in an attempt to trick victims into transferring funds. 

Once the cyber criminals gained access to a network, they imitated customer employees and targeted trusted networks, vendors, contracts and agents in order to fool them into sending or approving financial payments.

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastFree download

Microsoft claims the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues, and asking for advice on processing payments. They took advantage of this and sent an impersonation email from a homoglyph domain using the same sender name and a near-identical domain. 

“Cyber criminals are getting more sophisticated,” said the general manager of Microsoft’s DCU, Amy Hogan-Burney. 

“Microsoft’s Digital Crimes Unit will continue to fight cybercrime with our comprehensive efforts to disrupt the malicious infrastructure used by criminals, through referrals to law enforcement, civil legal actions on behalf of our customers such as this one, or technical measures in partnership with our product and service teams.”

BEC is an ongoing concern for businesses, and this legal action follows 23 previous enforcements that Microsoft has sought against malware and nation-state groups, taken in collaboration with law enforcement agencies, since 2010.

Research showed that despite a 32% surge in email security threats during 2020, there was an 18% year-on-year decline in BEC detections. This could mean, however, that cyber criminals are exploring alternative techniques rather than scaling back.

Featured Resources

Three ways manual coding is killing your business productivity

...and how you can fix it

Free Download

Goodbye broadcasts, hello conversations

Drive conversations across the funnel with the WhatsApp Business Platform

Free Download

Winning with multi-cloud

How to drive a competitive advantage and overcome data integration challenges

Free Download

Talking to a business should feel like messaging a friend

Managing customer conversations at scale with the WhatsApp Business Platform

Free Download

Recommended

The IT Pro Podcast: Enabling bilingual business
collaboration

The IT Pro Podcast: Enabling bilingual business

30 Sep 2022
Podcast transcript: Enabling bilingual business
collaboration

Podcast transcript: Enabling bilingual business

30 Sep 2022
Windows 11 Update 2022: The "first major" Windows 11 update brings slew of new business features
Microsoft Windows

Windows 11 Update 2022: The "first major" Windows 11 update brings slew of new business features

21 Sep 2022
Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday
Security

Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday

14 Sep 2022

Most Popular

Vodafone UK confirms talks to merge with Three are underway
mergers and acquisitions

Vodafone UK confirms talks to merge with Three are underway

3 Oct 2022
BT's new platform promises to slash AI development time from months to days
artificial intelligence (AI)

BT's new platform promises to slash AI development time from months to days

3 Oct 2022
How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022