Microsoft cracks down on sophisticated BEC scam campaign

The firm’s Digital Crime Unit seized a variety of malicious domains targeting Office 365 customers

Microsoft has secured a court order to take down malicious infrastructure used by cyber criminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers. 

The company’s Digital Crimes Unit (DCU) filed a case to strike down 17 malicious ‘homoglyph’ domains used by cyber criminals to mimic legitimate businesses and their contact details. This allowed the perpetrators to lull victims into a false sense of security when messaging as part of the spam campaign.

Homoglyph domains appear very similar to legitimate names, but those running them replace the characters in a business’ name with another that’s subtly different, such as using MICROS0FT.COM instead of MICROSOFT.COM. 

Microsoft initially identified a single customer complaint regarding BEC, with its investigation finding that a criminal group had created 17 additional malicious homoglyph domains registered with third parties. The network appears to be operating out of West Africa, with targets primarily small businesses in North America across a variety of industries.

This specific BEC attack involved fraudulent domains, together with stolen customer credentials, used to access and monitor customer accounts. The group then gathered enough intelligence to impersonate the customers in an attempt to trick victims into transferring funds. 

Once the cyber criminals gained access to a network, they imitated customer employees and targeted trusted networks, vendors, contracts and agents in order to fool them into sending or approving financial payments.

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastFree download

Microsoft claims the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues, and asking for advice on processing payments. They took advantage of this and sent an impersonation email from a homoglyph domain using the same sender name and a near-identical domain. 

“Cyber criminals are getting more sophisticated,” said the general manager of Microsoft’s DCU, Amy Hogan-Burney. 

“Microsoft’s Digital Crimes Unit will continue to fight cybercrime with our comprehensive efforts to disrupt the malicious infrastructure used by criminals, through referrals to law enforcement, civil legal actions on behalf of our customers such as this one, or technical measures in partnership with our product and service teams.”

BEC is an ongoing concern for businesses, and this legal action follows 23 previous enforcements that Microsoft has sought against malware and nation-state groups, taken in collaboration with law enforcement agencies, since 2010.

Research showed that despite a 32% surge in email security threats during 2020, there was an 18% year-on-year decline in BEC detections. This could mean, however, that cyber criminals are exploring alternative techniques rather than scaling back.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Microsoft tells IT admins to turn off legacy group policies to improve Windows performance
Microsoft Windows

Microsoft tells IT admins to turn off legacy group policies to improve Windows performance

21 Jan 2022
Microsoft buys game developer Activision Blizzard for $68.7 billion
mergers and acquisitions

Microsoft buys game developer Activision Blizzard for $68.7 billion

18 Jan 2022
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
cyber security

Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update

12 Jan 2022
Windows 11 problems and how to fix them
Microsoft Windows

Windows 11 problems and how to fix them

7 Jan 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022