Microsoft has seized a number of phishing domains in an attempt to disrupt cybercriminals who recently switched targets to take advantage of the COVID-19 pandemic.

In response to a civil suit brought by the tech giant, the U.S. District Court for the Eastern District of Virginia issued an order that let Microsoft take control of the domains, according to a blog post penned by Tom Burt, company corporate vice president, customer security and trust.

The Microsoft Digital Crimes Unit (DCU) discovered the criminals behind attempts to access customer email, contact lists, sensitive documents and the like in December before the pandemic hit and took steps to block the activity.

But more recently the same criminals re-emerged using Covid-19 as a lure. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

“This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years,” Burt wrote.

Victims clicking on deceptive links ultimately received a prompt to grant access permissions to a likely familiar-looking but malicious web app. From there the cybercriminals could gain access a victim’s Microsoft Office 365 account. “This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” Burt said.

“Microsoft’s seizure of phishing domains illustrates the vital importance of using real brands in security awareness training, because the bad guys know that cybercrime is fundamentally about fraud, deception, manipulation and psychology,” said Colin Bastable, CEO at Lucy Security, who explained that during live demos, his company’s phishing simulations using spoof emails were able to regularly breach the defenses of Office 365. “Technology cannot solve this problem: trained and alert people who are regularly “patched” by realistic, simulated and varied phishing attacks are an essential component in every CISO’s toolbox,” said Bastable. “97 percent of cyber losses are initiated by some form of social engineering – over 90 percent by email.”