Microsoft takes down malicious domains used in COVID-19 related phishing campaign

Microsoft takes down malicious domains used in COVID-19 related phishing campaign

Microsoft has disrupted a major cybercriminal operation designed to take advantage of the COVID-19 pandemic and defraud victims in 62 countries around the world.

The U.S. District Court for the Eastern District of Virginia unsealed documents regarding Microsoft’s cyber activity used to take down the operation. Microsoft files a civil case that resulted in a court order authorizing Microsoft to take control of key domains involved in the cyber criminals’ infrastructure and prevent usage in future cyberattacks.

Microsoft’s Digital Crimes Unit (DCU) first spotted these criminals back in December 2019, when the bad actors deployed a new “sophisticated” phishing campaign designed to compromise Microsoft customer accounts.

“These cybercriminals designed the phishing emails to look like they originated from an employer or other trusted source and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers,” Microsoft Corporate Vice President for Customer Security & Trust, Tom Burt said.

More recently, the actors shifted to using COVID-19 pandemic based themes in their phishing campaigns.

For example, Microsoft observed one phishing email sample that used the term “COVID-19 Bonus” in an effort to trick victims into clicking on the malicious link, as noted in figure below.


After the victims click on the link, they are then prompted to grant access permissions to a malicious web application. As a result, the malicious app could then be used to access the victim’s Microsoft Office 365 account.

What is even more frightening is this scheme does not even require the victims to type in their login credentials in a fake website, like other common phishing campaigns.

Email Protections

To protect yourselft against these types of phishing campaigns, Microsoft recommends users first turn on two-factor authentication or multi-factor authentication (MFA) on all of your business and personal email accounts.

Users should also learn how to spot phishing emails by checking out these good examples.

Finally, users should enable security alerts regarding suspicious website links and files. Also, remember to check your email forwarding rules for any unauthorized or suspicious activity.

Related Links