Microsoft recently obtained a court order allowing them to seize control of six domains that are being used in phishing operations against Office 365 users, including in campaigns that took advantage of COVID-19 situation.
Based on court documents, Microsoft targeted a phishing group that has been victimizing the company’s customers since late 2019. The phishers operated through emails sent to companies hosting their email servers and enterprise infrastructure on Microsoft’s Office 365 cloud service.
This is a call for business owners to make sure a new domain is not associated with these culprits before performing a domain search and securing a domain name.
How did they do it?
The emails were spoofed to look like messages from fellow employees or business partners. This phishing operation was unusual in that it did not redirect users to phishing sites masquerading as the Office 365 login page. Instead, the attackers offered an Office document. When a user tried to open the file, they were redirected to install a malicious Office 365 app created by the attackers.
If installed, the app granted the attackers full access to the victim’s Office 365 account: its settings, the content of their emails, the user’s files, contact lists, notes, and more.
Some of these phishing attacks succeeded because the app was made to look like an official application created by Microsoft. The Office 365 environment is built around the modularity of third-party apps, whether developed by companies themselves or obtained from the Office 365 Store, and customers are accustomed to installing apps regularly.
Clever hacking via domain name
The hackers used a clever technique: the app’s installation link first took users to the official Microsoft login page, then redirected them to the malicious app once authentication succeeded, giving the impression that users were dealing with a Microsoft-vetted application. This case also marks the fourth time in the past year that Microsoft has filed a legal case to take down malicious domains.
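From a defender’s side, the grant that such an app obtains leaves a trace in the tenant’s consent audit trail. The following is an added example (not code from the article or from Microsoft) that scores consent-grant records for the combination described above: an unverified publisher, a Microsoft-sounding app name, and a broad set of mailbox, file and contact permissions. The record layout, score weights and sample events are assumptions; only the permission names are real Microsoft Graph scopes.

```python
# Score OAuth consent grants for the pattern described above: an unverified app
# with a Microsoft-sounding name asking for mail, file and contact access.
# Record layout, weights and sample events are assumptions, not the real audit-log schema.
from dataclasses import dataclass

# Microsoft Graph delegated permissions that give the kind of access the article describes.
HIGH_IMPACT_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Files.Read.All", "Files.ReadWrite.All",
    "Contacts.Read", "Notes.Read.All", "MailboxSettings.ReadWrite",
}
PERSISTENCE_SCOPES = {"offline_access"}  # refresh tokens outlive the session

@dataclass
class ConsentEvent:
    app_name: str
    publisher_verified: bool
    scopes: list[str]
    consented_by: str

def risk_score(ev: ConsentEvent) -> int:
    """Additive score; higher means the grant deserves a closer look."""
    granted = set(ev.scopes)
    score = 2 * len(granted & HIGH_IMPACT_SCOPES)
    if granted & PERSISTENCE_SCOPES:
        score += 3
    if not ev.publisher_verified:
        score += 3
        # The lure in the article: an unverified app presenting itself as Microsoft's.
        if "microsoft" in ev.app_name.lower():
            score += 5
    return score

def flag_consents(events: list[ConsentEvent], threshold: int = 6) -> list[tuple[str, int]]:
    """Return (app_name, score) for grants at or above the threshold, highest first."""
    hits = [(ev.app_name, risk_score(ev)) for ev in events]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])

# Constructed sample grants, not real log data.
SAMPLE_EVENTS = [
    ConsentEvent("Contoso Expense Tracker", True, ["User.Read"], "alice@example.com"),
    ConsentEvent("Microsoft Office Document Viewer", False,
                 ["Mail.Read", "Files.ReadWrite.All", "Contacts.Read",
                  "Notes.Read.All", "offline_access"], "bob@example.com"),
    ConsentEvent("Team Calendar Sync", True, ["Calendars.Read", "offline_access"], "carol@example.com"),
]

if __name__ == "__main__":
    for name, score in flag_consents(SAMPLE_EVENTS):
        print(f"{score:>3}  {name}")
```

Only the spoofed "Microsoft" app crosses the threshold; the verified calendar app with `offline_access` alone stays below it.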
News of the COVID-19 pandemic has spread as fast as the virus itself, with headlines across multiple media outlets. For instance, CNN.com hosts over 1,200 articles that mention the disease, and a basic search on the website of The Financial Times produces more than 1,100 results.
The ongoing pandemic and web users
As the virus spreads worldwide, people will naturally search online for the latest information and updates on its effect on them, and what they must do to protect themselves and their families. Cyber-criminals are quick to take advantage of these concerns for their gain.
Hackers around the globe have found that the Coronavirus serves them well, enabling them to proceed with their nefarious activities with no regard for its effect on the global community. The Global Threat Index for January 2020 reveals that cyber-criminals are continuously exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus.
There seems to be no end to hackers and their methods, so the only solution is for users to be more vigilant when visiting websites, and for website owners to ensure that their domain name does not resemble, and is not associated with, the domains used in such campaigns. If you are taking your business online for the first time or looking for your next domain, consider the pointers above before proceeding with a domain search so you don’t end up looking like an illegitimate or nefarious business.