Law360 (July 7, 2020, 6:59 PM EDT) -- A Virginia court has unsealed documents related to Microsoft's recent efforts to prevent alleged cybercriminals from stealing its users' personal information through a "COVID-19 themed" phishing campaign, the company said.
Two unnamed defendants allegedly used professional-seeming domains — including officeinventorys.com, officesuitesoft.com and officesuited.com — and tricked victims with emails "designed to look like they come from an employer," according to a June 30 complaint unsealed this week.
The company said its digital crimes unit managed to block other alleged phishing attempts by the same defendants last year. Recently, however, the defendants have allegedly sent pandemic-related emails to millions of customers, meriting legal action, Microsoft said.
"This unique civil case ... has allowed us to proactively disable key domains that are part of the criminals' malicious infrastructure, which is a critical step in protecting our customers," Microsoft wrote Monday in a blog post about the case.
U.S. District Judge Liam O'Grady issued a temporary restraining order on July 1 giving domestic domain registries five business days to "unlock" the domains involved in the alleged scheme and hand control to Microsoft, court records show.
Judge O'Grady also issued an order to show cause on July 1, stating the defendants must appear by telephone conference on July 10 as the court considers a preliminary injunction blocking alleged phishing activities for the duration of the case.
The alleged phishing emails included messages meant to "exploit pandemic-related financial concerns," the company said Monday, with terms like "COVID-19 Bonus."
Victims who clicked these links were allegedly prompted to grant access to "malicious web apps" which the defendants then used to access Microsoft 365 accounts, according to the company. This was achieved "without explicitly requiring the victims to directly give up their login credentials," as they might through a "traditional phishing campaign," according to Microsoft.
Microsoft 365 accounts contain emails, contacts and work-related cloud storage, the company said.
According to the complaint, successful attacks could empower the defendants to send out "deceptive emails" from a victim's account, monitor a victim's transactions in order to commit wire fraud and steal financial information.
Microsoft's claims for relief include unjust enrichment, violation of the federal Computer Fraud and Abuse Act, and trademark infringement and dilution under the Lanham Act, court records show.
Requested relief includes a permanent injunction barring the defendants from engaging in the alleged phishing, as well as permanent control over the involved domains.
Microsoft is represented by Julia Milewski, Matthew Welling and Gabriel M. Ramsey of Crowell & Moring LLP.
Counsel information for the defendants was not immediately available.
The case is Microsoft Corp. v. John Does 1-2, controlling a computer network and thereby injuring plaintiff and its customers, case number 1:20-cv-730, in the U.S. District Court for the Eastern District of Virginia.
--Editing by Marygrace Murphy.
For a reprint of this article, please contact firstname.lastname@example.org.