Microsoft Stops Seventeen Domains that Used Homoglyphs for Attacks

domains with homoglyphs
Written by Emma Davis

Microsoft specialists reported that they managed to take offline 17 domains with homoglyphs belonging to scammers. Domains have been used to compromise corporate communications (BEC) and to attack some Office 365 customers.

According to court documents, all closed domains were deliberately registered using homoglyphs – graphically the same or similar characters with different meanings. For example, the most common homoglyphs used by hackers are based on replacing uppercase “I” with lowercase “l” or “0” with uppercase “O”.

Thus, domains are disguised as resources of real companies and organizations, but in reality, their spelling is slightly different.

The investigation began with a customer complaint about the BEC attack and soon revealed that the same criminal group had created 17 malicious domains with homoglyphs that were registered to third parties,” “The defendants are using malicious homoglyphic domains along with stolen customer credentials to illegally access their accounts, track email traffic, collect information about pending financial transactions, and impersonate O365 users. All this in an attempt to get the victims to transfer their funds to the cybercriminals.Microsoft said.
domains with homoglyphs

Domain list

Investigators believe that the hack group behind these attacks came from West Africa and used homoglyph domains to impersonate employees or executives of various companies, and then trick other employees, their customers or contractors into sending their payments to the address of the scammers.

domains with homoglyphs

Example of a scam letter

According to the FBI’s annual report on Internet crimes, in 2020, as in previous years, the largest number of problems were associated with the so-called EAC and BEC scams (Email Account Compromise and Business Email Compromise). Last year, such scams caused $1.8 billion in losses, which accounted for about 43% of all funds lost over the past year.

Let me remind you that we also talked about the fact that Microsoft took control over 50 domains of the Thallium grouping.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.