Microsoft grabs COVID-19 scammers; Legal action initiated

By Rahul Vaimal, Associate Editor

The East Virginia District Court in the USA has allowed global software giant Microsoft to take control of key domains used by cybercriminals who had deployed a COVID-19 themed phishing campaign targeted at Microsoft customers.

According to Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, the perpetrators attempted to deceive customers in 62 countries by using COVID-19 related baits in phishing emails.

For example, the hackers created a misleading Microsoft Excel link with the term “COVID-19 bonus,” and users who clicked on the link were asked to grant access permissions to a malicious web application.

Similar Microsoft COVID-19 Scam emails were used to redirect users to malicious web apps to steal credentials.

“This unique civil case against COVID-19-themed BEC [business email compromise] attacks has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers,” Mr. Burt penned in a blog post yesterday.

The complex phishing campaign was intended to endanger thousands of Microsoft customer accounts and gain access to customer email, contact lists, sensitive documents and other personal information in an effort to exfiltrate information, redirect wire transfers and launch further cybercrime from compromised accounts, according to a 27-page U.S. District Court complaint unsealed yesterday.

Another example of a Microsoft COVID-19 scam email

The misleading emails are designed to look like they came from an employer, and misuse Microsoft’s name and trademark to further induce victims to click on the links.

These offenders were first recognized in December 2019, when they deployed a complicated new phishing scheme designed to compromise Microsoft customer accounts. That scheme was subsequently identified and stopped by the Microsoft team. The hackers, who began their activity with emails titled “Q4 Report – Dec19,” later moved to “COVID-19” related themes to target Microsoft and its customers in a second attempt.

The scale of these phishing attacks was immense: millions of Microsoft 365 users were sent phishing emails within a week.