Microsoft Sues To Block 'COVID-19 Themed' Phishing Scheme

By Emma Whitford
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Consumer Protection newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!

Law360 (July 7, 2020, 6:59 PM EDT) -- A Virginia court has unsealed documents related to Microsoft's recent efforts to prevent alleged cybercriminals from stealing its users' personal information through a "COVID-19 themed" phishing campaign, the company said.

Two unnamed defendants allegedly used professional-seeming domains — including, and — and tricked victims with emails "designed to look like they come from an employer," according to a June 30 complaint unsealed this week.

The company said its digital crimes unit managed to block other alleged phishing attempts by the same defendants last year. Recently, however, the defendants have allegedly sent pandemic-related emails to millions of customers, meriting legal action, Microsoft said.

"This unique civil case ... has allowed us to proactively disable key domains that are part of the criminals' malicious infrastructure, which is a critical step in protecting our customers," Microsoft wrote Monday in a blog post about the case.

U.S. District Judge Liam O'Grady issued a temporary restraining order on July 1 giving domestic domain registries five business days to "unlock" the domains involved in the alleged scheme and hand control to Microsoft, court records show.

Judge O'Grady also issued an order to show cause on July 1, stating the defendants must appear by telephone conference on July 10 as the court considers a preliminary injunction blocking alleged phishing activities for the duration of the case.

The alleged phishing emails included messages meant to "exploit pandemic-related financial concerns," the company said Monday, with terms like "COVID-19 Bonus."

Victims who clicked these links were allegedly prompted to grant access to "malicious web apps" which the defendants then used to access Microsoft 365 accounts, according to the company. This was achieved "without explicitly requiring the victims to directly give up their login credentials," as they might through a "traditional phishing campaign," according to Microsoft.

Microsoft 365 accounts contain emails, contacts and work-related cloud storage, the company said.

According to the complaint, successful attacks could empower the defendants to send out "deceptive emails" from a victim's account, monitor a victim's transactions in order to commit wire fraud and steal financial information.

Microsoft's claims for relief include unjust enrichment, violation of the federal Computer Fraud and Abuse Act, and trademark infringement and dilution under the Lanham Act, court records show.

Requested relief includes a permanent injunction barring the defendants from engaging in the alleged phishing, as well as permanent control over the involved domains.

Microsoft is represented by Julia Milewski, Matthew Welling and Gabriel M. Ramsey of Crowell & Moring LLP.

Counsel information for the defendants was not immediately available.

The case is Microsoft Corp. v. John Does 1-2, controlling a computer network and thereby injuring plaintiff and its customers, case number 1:20-cv-730, in the U.S. District Court for the Eastern District of Virginia.

--Editing by Marygrace Murphy.

For a reprint of this article, please contact

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!