July 21, 2021

Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s clients.

The domains captured by Microsoft were so-called “homoglyph” domains, which were registered as legitimate businesses and allowed fraudsters to pose as companies while communicating with their customers.

According to the complaint filed by Microsoft last week, they used the domains registered via NameSilo LLC and KS Domains Ltd. / Key-Systems GmbH as a malicious infrastructure in BEC attacks on Office 365 customers and services.

According to Microsoft, the criminals behind this campaign are “part of a massive network that appears to be based out of West Africa” and have mainly targeted North American small businesses operating in multiple industries.

This is not the first time that Microsoft has seen such incidents. In the past, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another massive BEC campaign.

In some cases, the methods of BEC fraudsters seem to lack sophistication, and their phishing emails may look distinctly malicious to some. BEC attacks are behind the record-breaking financial losses since 2018.

The FBI’s annual report on cybercrime lists a record $1.8 billion in losses reported last year alone.

In March, the FBI also warned of BEC attacks increasingly targeting U.S. state, local, tribal and territorial government units.

In other warnings sent out last year, the FBI warned of BEC scammers abusing automatic email forwarding and cloud email services such as Microsoft Office 365 and Google G Suite in their criminal activities.

For more information, read the original story in BleepingComputer.