For example, if a domain registrar allows a name such as “MICR0S0FT-0ffice.com”, Microsoft is allowed to track them down and demand that they be removed. Our example is overkill to emphasize the method; attackers will be much more subtle. Known as homoglyph domains, some of these imposter domains are relatively harmless trolling of Microsoft. However, others are used for malicious purposes. For example, a threat actor will create a website domain that looks like it may be official to fool users into visiting the site. Microsoft says these malicious sites will then trick users into handing over their personal information, payments, and system access.

Fraud

The Digital Crimes Unit points to a specific case that exemplifies Microsoft’s concerns. Specifically, bad actors somehow learned of a Microsoft Office 365 customer who had been compromised. This customer was sending emails to Microsoft support regarding payment processing. It is unclear how the attackers knew this, but they were able to send an email from an imposter domain to try to fool the customer. The email was full of poor English, but that is not always a sign of an imposter email. All other aspects seemed fine, including the same subject line as previous official correspondence and the same sender name. The one difference was a single changed letter in the exchange domain. The attackers hope the victim will not notice and will comply with the demands they are making (in this case, to make a payment or risk account closure). It seems the victim was able to spot the fraud this time, and Microsoft could then issue a takedown order to prevent the domain going elsewhere.
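The two tricks described above, digit-for-letter homoglyphs and a single changed letter in the sender domain, can both be checked mechanically on inbound mail. The following is an added example, not Microsoft's code: the trusted domain `contoso.com`, the sample senders and the small confusables table are constructed for illustration and are not a complete homoglyph list.

```python
# Added example: classify a sender domain against domains we already correspond with.
# CONFUSABLES is a small constructed subset, not the full Unicode confusables table.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s",   # digits standing in for letters
    "\u043e": "o", "\u0430": "a",             # Cyrillic o / a that render like Latin
    "rn": "m", "vv": "w",                     # letter pairs that read as one letter
}

def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    folded = domain.lower().rstrip(".")
    for lookalike, plain in CONFUSABLES.items():
        folded = folded.replace(lookalike, plain)
    return folded

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain, trusted):
    """Return (verdict, imitated_domain) for a sender domain."""
    sender = sender_domain.lower().rstrip(".")
    if sender in trusted:
        return ("trusted", sender)
    for known in sorted(trusted):
        if skeleton(sender) == skeleton(known):
            return ("homoglyph", known)       # same look once look-alikes are folded
        if edit_distance(skeleton(sender), skeleton(known)) == 1:
            return ("one-char", known)        # a single changed, added or dropped letter
    return ("unknown", None)

TRUSTED = {"contoso.com"}  # constructed: domains of known correspondents

if __name__ == "__main__":
    for d in ["contoso.com", "C0NTOSO.com", "contosa.com", "example.org"]:
        print(d, classify(d, TRUSTED))
```

A "homoglyph" or "one-char" verdict on a message that reuses an existing subject line and sender name is a strong signal to quarantine it for review.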
