Microsoft Takes Control of Domains Exploiting COVID-19 Crisis in Phishing Attacks


By: Barry Miller

Microsoft now controls several domain names that, according to the company, were used in attempts to get personal information from Microsoft account holders during the COVID-19 crisis.

A Virginia federal court issued a temporary restraining order July 7, finding good cause to believe that two John Doe defendants would likely violate federal law by using the domain names in phishing attacks. That order directed the registries to give Microsoft control over the hosting and administration of the offending internet domains.

The Court also unsealed Microsoft’s complaint. It alleges that the John Doe Defendants registered the domains such as “,” and “,” using them to send emails “designed to look like they come from an employer or other trusted source.”

Links in those emails, if clicked, would lead the victim to servers hosting malicious web applications that interacted with Office 365 services. Those applications granted the criminals access to Office 365 accounts holding “email, contacts, notes and material stored in the victims’ One Drive for Business” or SharePoint, according to the complaint.

Microsoft’s Digital Crimes Unit began investigating these criminals in December 2019, according to a blog post from Tom Burt, Corporate Vice President, Customer Security and Trust. It blocked their activity but continued to monitor them. “Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19 related lures in the phishing emails to target victims,” Mr. Burt’s post stated.

His post cited the FBI’s 2019 Internet Crime Report stating business email compromise attacks (BECs) are the most expensive complaints the Internet Crime Complaint Center receives. The FBI attributed losses exceeding $1.7 billion to BECs.

Mr. Burt pledged that Microsoft would continue to investigate and disrupt cybercriminals, but reminded users that cyber threats continue to evolve, making it “more important than ever to remain vigilant against cyber attacks.”

If you have questions or would like more information, please contact Barry Miller at

Additional Information:

FMG has formed a Coronavirus Task Force to provide up-to-the-minute information, strategic advice, and practical solutions for our clients. Our group is an interdisciplinary team of attorneys who can address the multitude of legal issues arising out of the coronavirus pandemic, including issues related to Healthcare, Product Liability, Tort Liability, Data Privacy, and Cyber and Local Governments. For more information about the Task Force, click here.

You can also contact your FMG relationship partner or email the team with any questions at

**DISCLAIMER: The attorneys at Freeman Mathis & Gary, LLP (“FMG”) have been working hard to produce educational content to address issues arising from the concern over COVID-19. The webinars and our written material have produced many questions. Some we have been able to answer, but many we cannot without a specific legal engagement. We can only give legal advice to clients.  Please be aware that your attendance at one of our webinars or receipt of our written material does not establish an attorney-client relationship between you and FMG. An attorney-client relationship will not exist unless and until an FMG partner expressly and explicitly states IN WRITING that FMG will undertake an attorney-client relationship with you, after ascertaining that the firm does not have any legal conflicts of interest.  As a result, you should not transmit any personal or confidential information to FMG unless we have entered into a formal written agreement with you. We will continue to produce education content for the public, but we must point out that none of our webinars, articles, blog posts, or other similar material constitutes legal advice, does not create an attorney client relationship and you cannot rely on it as such. We hope you will continue to take advantage of the conferences and materials that may pertain to your work or interests.**