Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks.
The Windows giant obtained an order from US courts allowing it to seize domains being used for phishing, having first spotted the miscreants doing their thing in December 2019.
“Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts,” said the mega-corp in a blog post this week.
Having KO’d them back then through unspecified “technical means to block the criminals’ activity and disable the malicious application used in the attack,” Redmond’s people observed them setting up again to try business email compromise attacks with a coronavirus theme.
Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers
The phishing lures included bait text such as “COVID-19 Bonus,” said Microsoft. Upon clicking links provided in the phishing emails, victims were sent to a web app demanding extra permissions. Once armed with this elevated access, the web app would then access the victims’ Office 365 accounts.
“This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” said Microsoft.
Redmond has not shied away from legal action over the years, the most high-profile sueball being its ongoing case against the American government to stop agents helping themselves to non-US customer data stored on non-US-based Microsoft servers. It’s also suing Uncle Sam for the right to tell customers when American spies are trawling through data stored on Microsoft services.