What you need to know
- Certain domains are being used to impersonate Microsoft customers in attempts to commit fraud.
- Microsoft pursued a court order to take down these domains.
- It secured the court order.
Microsoft's Digital Crimes Unit (DCU) secured a victory by obtaining a court order that requires domain registrars to disable service for the domains they host that take part in Microsoft impersonation activities. What that means: domains with names like "MICROS0FT.com" (wherein the second "o" is replaced with a "0") are being hunted down by Microsoft, which now has a court order to back up its takedown demands to the registrars hosting them.
These malicious imposter (otherwise known as homoglyph) domains impersonate legitimate businesses' customers — in this case, Microsoft's — and trick said customers' contacts into approving or sending payments.
In a specific case that caught Microsoft's DCU's attention, impersonators became aware of an Office 365 customer who'd had their account compromised and had been emailing for support on payment processing. The fraudsters then injected themselves into the mix, sending a typo-riddled email attempting to swindle a payment out of their target.
And though one might think rampant typos and grammar issues are an obvious tell of suspicious activity, don't forget the kinds of emails Microsoft sends people when they have issues with, say, the Microsoft Store. Broken English isn't exactly a guarantee that one is dealing with a Microsoft imposter, sad as that may be.
So what was the dead giveaway, in the case of this Office 365 customer's situation, if not the email's body text? It was a single character in the mail exchange domain.
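A defender-side check for that single-character giveaway, as an added example that is not from Microsoft or the original article: it flags sender domains that match a trusted domain once look-alike characters are folded, and it goes beyond the zero-for-"o" swap mentioned above by also catching other substitutions and one-character typos. The trusted list, the substitution map and the sample addresses are constructed assumptions.

```python
import unicodedata

# Assumed allow-list of domains the organisation really corresponds with.
TRUSTED = {"microsoft.com", "contoso.com"}

# Small constructed map of look-alike substitutions (not a full confusables table).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def skeleton(domain):
    """Fold a domain to a comparison form: NFKC, lower-case, look-alikes replaced."""
    s = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the one differing character; everything after it must match.
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def classify(sender):
    """Return (verdict, trusted domain being imitated or None) for an address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")  # expand punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return "homoglyph", good
        if within_one_edit(domain, good):
            return "typo", good
    return "unknown", None

# Constructed sample sender addresses (only MICROS0FT.com appears in the article).
SAMPLES = ["billing@microsoft.com", "billing@MICROS0FT.com",
           "ap@rnicrosoft.com", "ap@micosoft.com", "news@example.org"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, classify(addr))
```

A "homoglyph" or "typo" verdict is a reason to hold a payment-related message for review, not proof of fraud on its own.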
To see the full email and learn more about the war Microsoft is waging on homoglyphs, check out the Microsoft blog post on the topic. Microsoft has fired a loud warning shot directed toward those who plan on using lookalike domains to commit cyber fraud.