Microsoft Removes Domains Used to Scam Office 365 Users

July 21, 2021

Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s clients.

The domains captured by Microsoft were so-called “homoglyph” domains, which were registered as legitimate businesses and allowed fraudsters to pose as companies while communicating with their customers.

According to the complaint filed by Microsoft last week, they used the domains registered via NameSilo LLC and KS Domains Ltd. / Key-Systems GmbH as a malicious infrastructure in BEC attacks on Office 365 customers and services.

According to Microsoft, the criminals behind this campaign are “part of a massive network that appears to be based out of West Africa” and have mainly targeted North American small businesses operating in multiple industries.

This is not the first time that Microsoft has seen such incidents. In the past, Microsoft 365 Defender researchers disrupted the cloud-based infrastructure used by another massive BEC campaign.

In some cases, the methods of BEC fraudsters seem to lack sophistication, and their phishing emails may look distinctly malicious to some. BEC attacks are behind the record-breaking financial losses since 2018.

The FBI’s annual report on cybercrime lists a record $1.8 billion in losses reported last year alone.

In March, the FBI also warned of BEC attacks increasingly targeting U.S. state, local, tribal and territorial government units.

In other warnings sent out last year, the FBI warned of BEC scammers abusing automatic email forwarding and cloud email services such as Microsoft Office 365 and Google G Suite in their criminal activities.

For more information, read the original story in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn