Homoglyph Domains used in BEC Scams Shut Down by Microsoft

upnorth

17 domains used in Business Email Compromise (BEC) scams have been seized by Microsoft's Digital Crimes Unit (DCU), following an investigation by the software giant into attacks that could have stolen millions of dollars from innocent firms.

The "homoglyph" domains impersonated domains used by legitimate businesses, and were used in attempts to defraud Microsoft Office 365 customers. Homoglyph domains exploit the fact that many different characters look identical or very similar. For instance, the capital letter "O" and the number "0" (e.g. MICROSOFT.COM vs. MICR0S0FT.COM) or an uppercase ninth letter of the alphabet “I” and a lowercase 12th letter “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM). In the past, homoglyph attacks have also taken advantage of domains which contain Unicode characters (rather than conventional ASCII), allowing users to mistake - for instance - the Cyrillic "а" (U+0430) for the ASCII character "a" (U+0061). They may look the same but they are different characters!

In a blog post, Microsoft said that it continued to see homoglyph domains used in BEC scams, nation state activity, and the distribution of malware and ransomware. As Microsoft explains in legal documents, attacks are often combined with phishing attacks to steal credentials and break into the accounts of customers.
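
One way a defender could screen sender or newly seen domains for the lookalikes described in the post above. This is an added example, not part of the original post or Microsoft's tooling; the confusables map, function names and sample domains are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables map: the pairs named in the post
# plus a few Cyrillic lookalikes. Unicode UTS #39 publishes the full data set.
CONFUSABLES = {
    "0": "o",                                      # digit zero vs letter O
    "1": "l", "i": "l",                            # I / l / 1 fold to one class
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o lookalikes
    "\u0440": "p", "\u0441": "c", "\u0456": "l",   # Cyrillic p, c, i lookalikes
}

def to_unicode(domain):
    """Lowercase the domain and decode any punycode (xn--) labels."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep a malformed label as it arrived
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold every character to the representative of its lookalike class."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def check(candidate, protected):
    """Return (verdict, matched protected domain or None) for one domain."""
    cand = to_unicode(candidate)
    if cand in (p.lower() for p in protected):
        return ("legitimate", cand)
    for legit in protected:
        if skeleton(cand) == skeleton(legit):
            # Same visual skeleton, different code points: a lookalike.
            non_ascii = any(ord(ch) > 127 for ch in cand)
            return ("unicode-homoglyph" if non_ascii else "ascii-homoglyph", legit)
    return ("no-match", None)

if __name__ == "__main__":
    for d in ["MICR0S0FT.COM", "MlCROSOFT.COM", "micros\u043eft.com", "example.org"]:
        print(d, check(d, ["microsoft.com"]))
```

Folding "i", "l" and "1" into one class also flags unrelated pairs such as "mail" and "mall", so matches are candidates for review rather than verdicts.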
 
