Microsoft has won a court order letting it seize domain names used in phishing scams referencing the coronavirus, the company announced Tuesday.
The company first spotted the criminal organization using phishing attacks in December to try to hijack Microsoft customer accounts and steal data, according to a blog post from Tom Burt, Microsoft’s corporate vice president for customer security and trust. It was able to block the criminals and disable an app they were using, but they recently launched new attacks with phishing emails referencing the virus, including some referencing a “COVID-19 bonus,” according to the post.
When users clicked links in the messages, they were prompted to give a web app associated with the scam access to their Office 365 accounts, including their contacts, emails, and files stored in the cloud. Through a court order issued by a Virginia federal judge in a civil suit brought by Microsoft, the company was able to seize and disable domains used in the attack.
“As we’ve observed, cybercriminals have been adapting their lures to take advantage of current events, using COVID-19-related themes to deceive victims,” Burt wrote. “While the lures may have changed, the underlying threats remain, evolve and grow, and it’s more important than ever to remain vigilant against cyberattacks.”
Microsoft advised customers to enable two-factor authentication and security alerts where possible and to stay informed about how to detect and avoid phishing attacks.