Microsoft’s Digital Crimes Unit has secured a court order to take down “homoglyph” – or imposter – domains used in a variety of cyber attacks
A judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable a variety of domains that have been used to impersonate Microsoft customers.
Microsoft identified 17 such domains registered with third parties.
“The targets are predominantly small businesses operating in North America across several industries,” the company explains.
“Based on the techniques deployed, the criminals appear to be financially motivated, and we believe they are part of an extensive network that appears to be based out of West Africa.
“These fraudulent domains, together with stolen customer credentials, were used by cybercriminals to unlawfully access and monitor accounts. The group proceeded to gather intelligence to impersonate these customers in an attempt to trick victims into transferring funds to the cybercriminals.
“Once the criminals gained access to a network, they imitated customer employees and targeted their trusted networks, vendors, contractors and agents in an effort to deceive them into sending or approving fraudulent financial payments.”