Microsoft specialists reported that they have taken offline 17 domains that belonged to scammers. The domains were used for business email compromise (BEC) and to attack some Office 365 customers.
According to court documents published by The Record, all private domains were deliberately registered using homoglyphs – characters that look the same or similar but have different meanings. For example, the homoglyphs most commonly used by hackers replace uppercase “I” with lowercase “l”, or “0” with uppercase “O”. The domains are thus disguised as resources of real companies and organizations, while in reality their spelling is slightly different.
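A defender can catch this substitution by folding look-alike characters before comparing a sender's domain with the organization's own domains. The sketch below is an added example, not code from Microsoft or the court filings; the company domains, sender addresses and the confusables table (the page's I/l and 0/O pairs plus the digit 1 and a few Cyrillic letters) are constructed assumptions.

```python
from __future__ import annotations

# Fold characters that render alike onto one representative. The page names
# I/l and 0/O; the digit 1 and the Cyrillic letters are added assumptions.
CONFUSABLES = {
    "l": "i", "1": "i",            # lowercase L, digit one vs. capital I (lowercased to "i")
    "0": "o",                      # zero vs. capital O
    "\u0430": "a", "\u0435": "e",  # Cyrillic a, e
    "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic o, er, es
}

def skeleton(domain: str) -> str:
    """Lowercase the domain and fold every confusable character."""
    d = domain.strip().rstrip(".").lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in d)

def classify(sender: str, protected: set[str]) -> tuple[str, str | None]:
    """Return ("exact" | "lookalike" | "unrelated", matched protected domain)."""
    domain = sender.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    if domain in protected:
        return ("exact", domain)
    # Same skeleton but a different spelling means a homoglyph lookalike.
    by_skeleton = {skeleton(p): p for p in protected}
    match = by_skeleton.get(skeleton(domain))
    return ("lookalike", match) if match else ("unrelated", None)

# Constructed sample data: placeholder company domains and sender addresses.
PROTECTED = {"example-industrial.com", "globex-example.com"}
SENDERS = [
    "ap@example-industrial.com",    # genuine
    "ap@example-industriaI.com",    # capital I in place of lowercase l
    "cfo@gl0bex-example.com",       # zero in place of o
    "cfo@gl\u043ebex-example.com",  # Cyrillic o in place of Latin o
    "news@unrelated-example.net",   # unrelated sender
]

if __name__ == "__main__":
    for s in SENDERS:
        verdict, target = classify(s, PROTECTED)
        print(f"{verdict:9}  {s!r}  ->  {target}")
```

A mail gateway rule built on this would quarantine or tag "lookalike" senders; the table is deliberately small and would need extending for production use.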
“The investigation began with a customer complaint about the BEC attack and soon revealed that the same criminal group had created 17 malicious domains with homoglyphs that were registered to third parties,” Microsoft said. “The defendants are using malicious homoglyphic domains along with stolen customer credentials to illegally access their accounts, track email traffic, collect information about pending financial transactions, and impersonate O365 users. This is all in an attempt to get the victims to transfer their funds to the criminals.”
Investigators believe that the hacking group behind these attacks came from West Africa and used homoglyph domains to impersonate employees or executives of various companies, and then to trick other employees, their customers or contractors into sending their payments to the scammers' address.
According to the FBI’s annual report on Internet crimes, in 2020, as in previous years, the largest number of problems were associated with so-called EAC and BEC scams (Email Account Compromise and Business Email Compromise). Last year, such scams caused losses of $1.8 billion, which was about 43% of all funds lost over the past year.