Microsoft specialists reported that they managed to take offline 17 domains with homoglyphs belonging to scammers. Domains have been used to compromise corporate communications (BEC) and to attack some Office 365 customers.
According to court documents, all closed domains were deliberately registered using homoglyphs – graphically the same or similar characters with different meanings. For example, the most common homoglyphs used by hackers are based on replacing uppercase “I” with lowercase “l” or “0” with uppercase “O”.Thus, domains are disguised as resources of real companies and organizations, but in reality, their spelling is slightly different.
Domain list
Investigators believe that the hack group behind these attacks came from West Africa and used homoglyph domains to impersonate employees or executives of various companies, and then trick other employees, their customers or contractors into sending their payments to the address of the scammers.
Example of a scam letter
According to the FBI’s annual report on Internet crimes, in 2020, as in previous years, the largest number of problems were associated with the so-called EAC and BEC scams (Email Account Compromise and Business Email Compromise). Last year, such scams caused $1.8 billion in losses, which accounted for about 43% of all funds lost over the past year.
Let me remind you that we also talked about the fact that Microsoft took control over 50 domains of the Thallium grouping.
