Microsoft Seizes Domains Used for COVID-19 Phishing Scam


Software Giant Asked Federal Court for Injunction Against Unnamed Hackers

Consent screen of the malicious web app used in phishing scheme (Source: Microsoft)

A U.S. federal court has issued an injunction that gives Microsoft permission to seize control of several malicious domains being used to operate a COVID-19-themed phishing scam, according to court documents unsealed this week.


The U.S. District Court for the Eastern District of Virginia issued the injunction, according to the documents unsealed Monday. Microsoft obtained the order after bringing a civil suit against two unnamed defendants associated with the malicious domains used in the campaign and asking the court to grant a motion to disable the sites. In its complaint, Microsoft argued that the defendants were attempting to harm the company and its customers.

Microsoft’s Digital Crimes Unit first located the domains in December 2019, and then noticed earlier this year that they were being used in conjunction with COVID-19-themed phishing scams, according to the company.

“Microsoft seeks a preliminary injunction directing the registries associated with these Internet domains to take all steps necessary to disable access to and operation of these Internet domains to ensure that changes or access to the Internet domains cannot be made absent a court order and that all content and material associated with these Internet domains are to be isolated and preserved pending resolution of the dispute,” according to the court document.

The federal court issued the injunction on July 1 stating there is “good cause to believe the defendants have engaged in and are likely to engage in acts or practices that violate the Computer Fraud and Abuse Act.”

The Scam

The scheme was centered on socially engineered phishing emails that contained references to COVID-19 and offered a possible financial bonus in order to induce the victim to click on a malicious link, according to Microsoft.

“Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account,” Microsoft notes.

This gave the hackers access to the target’s email, contacts, notes and material stored in their OneDrive for Business cloud storage space and corporate SharePoint document management and storage system, Microsoft adds. Because that access was granted to an application through a genuine Microsoft sign-in and consent screen, rather than obtained with a stolen password, multi-factor authentication did not stand in its way, and the permission grant stayed in place until it was revoked.
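The attack described above is an OAuth "illicit consent grant": the link in the lure points at a real Microsoft login page, and the attacker-controlled pieces are the app's client_id, the scopes it asks for and the redirect_uri that receives the authorization code. The following Python is an added example for this article, not Microsoft's code and not material from the court filing. It parses such a consent link out of a suspicious email, flags the scopes that hand over mailbox, contacts, notes, OneDrive and SharePoint data, and then runs the same check over records shaped like the Microsoft Graph oauth2PermissionGrant resource to find user-consented grants to apps the tenant does not own. The URL, client_id, app identifiers and grant records are constructed placeholders.

```python
"""Triage of an OAuth consent-phishing link and of the permission grants it
leaves behind in a Microsoft 365 tenant.

Added example for this article; not Microsoft's code. All identifiers and
records below are constructed, and the grant records are only assumed to
follow the documented oauth2PermissionGrant shape (clientId, consentType,
principalId, scope).
"""
from urllib.parse import urlparse, parse_qs

# Delegated Microsoft Graph scopes that give a third-party app the kind of
# access the article describes: mailbox, contacts, notes, OneDrive and
# SharePoint content, plus offline_access, which yields a refresh token that
# keeps working after the victim's browser session ends.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Contacts.Read", "Contacts.ReadWrite",
    "Notes.Read", "Notes.Read.All",
    "Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All",
    "offline_access",
}


def parse_consent_url(url: str) -> dict:
    """Extract client_id, redirect_uri and the requested scopes from an
    /authorize link found in a phishing email."""
    parts = urlparse(url)
    qs = parse_qs(parts.query)
    scopes = qs.get("scope", [""])[0].split()
    # Accept both short names and fully qualified
    # "https://graph.microsoft.com/Mail.Read" forms.
    scopes = [s.rsplit("/", 1)[-1] for s in scopes]
    return {
        "host": parts.netloc,
        "client_id": qs.get("client_id", [None])[0],
        "redirect_uri": qs.get("redirect_uri", [None])[0],
        "scopes": scopes,
    }


def risky_scopes(scopes) -> set:
    """Return the subset of the requested scopes that expose user data."""
    return {s for s in scopes if s in HIGH_RISK_SCOPES}


def suspicious_grants(grants, tenant_app_ids) -> list:
    """Flag per-user consent grants (consentType == 'Principal') that give a
    non-tenant app high-risk delegated scopes.

    Admin-consented grants (consentType == 'AllPrincipals') are skipped here;
    they deserve a separate review rather than being mixed in with user consent.
    """
    flagged = []
    for g in grants:
        if g.get("consentType") != "Principal":
            continue
        if g.get("clientId") in tenant_app_ids:
            continue
        bad = risky_scopes(g.get("scope", "").split())
        if bad:
            flagged.append({
                "clientId": g["clientId"],
                "principalId": g["principalId"],
                "risky": sorted(bad),
            })
    return flagged


# Constructed sample lure link, shaped like the links the article describes.
SAMPLE_LURE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-2222-3333-4444-555555555555"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fbonus-portal.example%2Fcallback"
    "&scope=openid%20offline_access%20Mail.Read%20Contacts.Read%20Files.ReadWrite.All"
)

# Constructed sample of oauth2PermissionGrant-style records for one tenant.
SAMPLE_GRANTS = [
    {"clientId": "sp-calendar-sync", "consentType": "Principal",
     "principalId": "user-42", "scope": "User.Read Calendars.Read"},
    {"clientId": "sp-bonus-portal", "consentType": "Principal",
     "principalId": "user-42",
     "scope": "openid offline_access Mail.Read Contacts.Read Files.ReadWrite.All"},
    {"clientId": "sp-corp-hr", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Mail.Read Files.Read.All"},
]
TENANT_APPS = {"sp-corp-hr"}  # service principals the tenant itself owns

if __name__ == "__main__":
    lure = parse_consent_url(SAMPLE_LURE_URL)
    print("lure app:", lure["client_id"], "-> redirects to", lure["redirect_uri"])
    print("risky scopes requested:", sorted(risky_scopes(lure["scopes"])))
    for hit in suspicious_grants(SAMPLE_GRANTS, TENANT_APPS):
        print("review grant:", hit)
```

In a live tenant the grant records come from the Graph `/oauth2PermissionGrants` endpoint (or `Get-MgOauth2PermissionGrant` in the Microsoft Graph PowerShell SDK); a flagged grant is removed by deleting that grant object, not by resetting the user's password, and the lasting fix is to restrict user consent to verified publishers or to route it through an admin consent workflow.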


Example of phishing emails from domains that Microsoft has now seized (Source: Microsoft)

“This unique civil case against COVID-19-themed [business email compromise] attacks has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers,” Tom Burt, corporate vice president of customer security and trust at Microsoft, noted in a blog post about the case.

Since the World Health Organization declared COVID-19 a pandemic in March, security firms have noticed a significant uptick in fraudsters and hackers using the healthcare crisis in phishing emails and spam as a way to lure victims. In a report issued in June, Microsoft found that these types of schemes have slowed down significantly over the past several weeks (see: COVID-19-Themed Phishing Campaigns Diminish).

Earlier, Similar Scam

Microsoft’s Digital Crimes Unit first encountered the same threat actors in December 2019, when they launched a phishing campaign designed to compromise Microsoft accounts, the company reported. That attack was detected and thwarted.

“Microsoft utilized technical means to block the criminals’ activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims,” the company says.

Managing Editor Scott Ferguson contributed to this report.

