Microsoft secures court order to take down malicious ‘homoglyph’ domains
Microsoft has secured a court order to take down several malicious “homoglyph” domains that were used to impersonate Office 365 customers and commit fraud.
The technology giant filed a case earlier this month after it uncovered cybercriminal activity targeting its customers. After receiving a customer complaint about a business email compromise attack, a Microsoft investigation found that the unnamed criminal group responsible created 17 additional malicious domains, which were then used together with stolen customer credentials to unlawfully access and monitor Office 365 accounts in an attempt to defraud the customers’ contacts.
Microsoft confirmed in a blog post published Monday that a judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on the malicious domains, which include “thegiaint.com” and “nationalsafetyconsuiting.com,” which were used to impersonate its customers.
These so-called “homoglyph” domains exploit the similarities of some letters to create deceptive domains that appear legitimate. For example, using an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM).
