Microsoft cracks down on sophisticated BEC scam campaign

The firm’s Digital Crime Unit seized a variety of malicious domains targeting Office 365 customers

Microsoft has secured a court order to take down malicious infrastructure used by cyber criminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers. 

The company’s Digital Crimes Unit (DCU) filed a case to strike down 17 malicious ‘homoglyph’ domains used by cyber criminals to mimic legitimate businesses and their contact details. This allowed the perpetrators to lull victims into a false sense of security when messaging as part of the spam campaign.

Homoglyph domains appear very similar to legitimate names, but those running them replace the characters in a business’ name with another that’s subtly different, such as using MICROS0FT.COM instead of MICROSOFT.COM. 

Microsoft initially identified a single customer complaint regarding BEC, with its investigation finding that a criminal group had created 17 additional malicious homoglyph domains registered with third parties. The network appears to be operating out of West Africa, with targets primarily small businesses in North America across a variety of industries.

This specific BEC attack involved fraudulent domains, together with stolen customer credentials, used to access and monitor customer accounts. The group then gathered enough intelligence to impersonate the customers in an attempt to trick victims into transferring funds. 

Once the cyber criminals gained access to a network, they imitated customer employees and targeted trusted networks, vendors, contracts and agents in order to fool them into sending or approving financial payments.

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastDownload now

Microsoft claims the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues, and asking for advice on processing payments. They took advantage of this and sent an impersonation email from a homoglyph domain using the same sender name and a near-identical domain. 

“Cyber criminals are getting more sophisticated,” said the general manager of Microsoft’s DCU, Amy Hogan-Burney. 

“Microsoft’s Digital Crimes Unit will continue to fight cybercrime with our comprehensive efforts to disrupt the malicious infrastructure used by criminals, through referrals to law enforcement, civil legal actions on behalf of our customers such as this one, or technical measures in partnership with our product and service teams.”

BEC is an ongoing concern for businesses, and this legal action follows 23 previous enforcements that Microsoft has sought against malware and nation-state groups, taken in collaboration with law enforcement agencies, since 2010.

Research showed that despite a 32% surge in email security threats during 2020, there was an 18% year-on-year decline in BEC detections. This could mean, however, that cyber criminals are exploring alternative techniques rather than scaling back.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Google, Microsoft fight over documents in antitrust lawsuit
Policy & legislation

Google, Microsoft fight over documents in antitrust lawsuit

30 Jul 2021
Security researchers uncover more Print Spooler vulnerabilities
vulnerability

Security researchers uncover more Print Spooler vulnerabilities

19 Jul 2021
Microsoft customers will be able to record, report, and reduce their emissions
cloud computing

Microsoft customers will be able to record, report, and reduce their emissions

14 Jul 2021
Microsoft unveils Windows 365 ‘Cloud PC’ service
cloud computing

Microsoft unveils Windows 365 ‘Cloud PC’ service

14 Jul 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021