Six domains used in COVID-19 phishing attacks seized

Through a court order, Microsoft has obtained control of six domains that were used in phishing operations aimed at Office 365 customers. These phishing operations used COVID-19 as a lure.

This two-person phishing operation has been targeting Microsoft’s customers since December 2019.

These hackers would send emails to companies that hosted email services and enterprise infrastructure using Microsoft’s Office 365 cloud service.

The emails that the duo sent were spoofed in order to look like they came from co-workers in their company, or a trusted business partner.

Those emails contained an Office file that, when opened, redirected the user to install a malicious third-party Office 365 app that the hackers had created.

If the app was installed, the hackers were granted full access to the victim's Office 365 account, all account settings, and the user's files. On top of that, the content of their emails, contact lists, and notes was also fully accessible.

By accessing the user's account this way, the hackers did not need to collect the user's password.

The app itself was made to look like it was created by Microsoft. It appeared to be an official and safe-to-use application.

These hackers used a clever trick that initially took users to the official Microsoft login page, then redirected them to the malicious app's consent prompt once the login succeeded.

The six domains Microsoft seized that were used to host the malicious Office 365 apps are officeinventorys.com, officehnoc.com, officesuited.com, officemtr.com, officesuitesoft.com, and mailitdaemon.com.
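As an added example (not code from the article or from Microsoft), the following Python scans constructed consent-grant audit records for the pattern described above: an app whose name imitates Microsoft, requesting mail, file, contact and notes scopes, with a reply URL on one of the seized domains. The record field names (Operation, AppDisplayName, PublisherVerified, Permissions, ReplyUrls) and the high-risk scope set are simplified assumptions, not the exact Microsoft 365 audit log schema.

```python
import json
from urllib.parse import urlparse
# Domains named in the article as hosting the malicious apps.
SEIZED_DOMAINS = {"officeinventorys.com", "officehnoc.com", "officesuited.com",
                  "officemtr.com", "officesuitesoft.com", "mailitdaemon.com"}
# Delegated scopes that together give the mail/files/contacts/notes access the
# article describes (Microsoft Graph scope names; the set is an assumption).
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
                    "Contacts.Read", "Notes.Read.All", "offline_access"}

def _domain(url):
    return (urlparse(url).hostname or "").lower()

def assess_consent(event):
    """Return the reasons a consent record looks like consent phishing.
    `event` uses simplified, assumed field names, not the exact audit schema."""
    reasons = []
    if event.get("Operation") != "Consent to application.":
        return reasons
    risky = set(event.get("Permissions", [])) & HIGH_RISK_SCOPES
    verified = event.get("PublisherVerified", False)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    hits = {_domain(u) for u in event.get("ReplyUrls", [])} & SEIZED_DOMAINS
    if hits:
        reasons.append("reply URL on seized domain: " + ", ".join(sorted(hits)))
    if risky and not verified:
        reasons.append("unverified publisher requesting high-risk scopes")
    if "microsoft" in event.get("AppDisplayName", "").lower() and not verified:
        reasons.append("app name imitates Microsoft but publisher is unverified")
    return reasons

def scan(lines):
    """Map AppDisplayName -> reasons for every flagged JSON record in `lines`."""
    flagged = {}
    for line in lines:
        event = json.loads(line)
        reasons = assess_consent(event)
        if reasons:
            flagged[event.get("AppDisplayName", "?")] = reasons
    return flagged

# Constructed sample records, not real tenant log output.
SAMPLE_LOG = [
    json.dumps({"Operation": "Consent to application.", "AppDisplayName": "Microsoft Office Update",
                "PublisherVerified": False, "Permissions": ["Mail.Read", "Files.ReadWrite.All"],
                "ReplyUrls": ["https://officesuited.com/callback"]}),
    json.dumps({"Operation": "Consent to application.", "AppDisplayName": "Contoso Expense Tool",
                "PublisherVerified": True, "Permissions": ["User.Read"], "ReplyUrls": ["https://expenses.contoso.example/cb"]}),
    json.dumps({"Operation": "UserLoggedIn", "AppDisplayName": "OfficeHome"}),
]
```

Running `scan(SAMPLE_LOG)` flags only the first record, with four reasons; the verified Contoso app with a single low-risk scope and the sign-in record are ignored.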

Initially, the hackers used a business-related theme in their operations, but switched to a COVID-19 theme once the global pandemic became prevalent.

Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, stated in a blog post that the malicious third-party apps were used to gain insight into the victims' internal organization so that the attackers could follow up with BEC attacks.

Business Email Compromise (BEC) is a form of cybercrime that starts with the hackers posing as employees of the same company as the victims. The hackers then ask the victims to make business transactions that usually end up routing funds to the attackers' bank accounts.

According to the FBI, in 2019 companies lost $1.77 billion to BEC scams, with an average loss of $75,000 per report.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648