Skip to main content

Microsoft goes to court to combat imposter domains

The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington.
The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington. (Image credit: Stephen Brashear/Getty Images for Microsoft)

What you need to know

  • Certain domains are being used to impersonate Microsoft customers in attempts to commit fraud.
  • Microsoft pursued a court order to take down these domains.
  • It secured the court order.

Microsoft's Digital Crimes Unit (DCU) secured a victory via its acquisition of a court order that demands domain registrars disable their services for hosted domains partaking in Microsoft impersonation activities. What that means: Domain registrars with domain names like "MICROS0FT.com" (wherein the second "o" is replaced with an "0") are being hunted down by Microsoft, which now has a court order to back up its takedown demands.

These malicious imposter (otherwise known as homoglyph) domains impersonate legitimate businesses' customers — in this case, Microsoft's — and trick said customers' contacts into approving or sending payments.

In a specific case that caught Microsoft's DCU's attention, impersonators became aware of an Office 365 customer who'd had their account compromised and had been emailing for support on payment processing. The fraudsters then injected themselves into the mix, sending a typo-riddled email attempting to swindle a payment out of their target.

And though one might think rampant typos and grammar issues are an obvious tell of suspicious activity, don't forget the kinds of emails Microsoft sends people when they have issues with, say, the Microsoft Store. Broken English isn't exactly a guarantee that one is dealing with a Microsoft imposter, sad as that may be.

So what was the dead giveaway, in the case of this Office 365 customer's situation, if not the email's body text? It was a single character in the mail exchange domain.

To see the full email and learn more about the war Microsoft is waging on homoglyphs, check out the Microsoft blog post (opens in new tab) on the topic. Microsoft has fired a loud warning shot directed toward those who plan on using lookalike domains to commit cyber fraud.

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.