A massive scam related to COVID-19 that targeted millions of Office 365 users in 62 countries was stopped by Microsoft's digital crimes unit.
The department is almost like a police department. There's even an evidence room. It's an office that is only known to the people whose job it is to investigate attacks on Microsoft customers. They're a small group, but they're mighty.
Tom Burt, the Corporate Vice President for Customer Security and Trust, said the team is comprised of "lawyers, forensic investigators data analysts, business people."
Burt is in charge of the cybersecurity team that goes after cybercriminals. Their job is to find, intercept and then help law enforcement stop the scam artists in their tracks.
"(We're) looking for things that we shouldn't be seeing in the data relevant to how Office 365 was being used by our costumers," Burt said. "When we see that we can dive deeper, look at the metadata and look at the information that's streaming through our Office 365 global network — to try to find indicators of people doing bad things."
The team often uses social media to alert people to the hacks they're seeing.
Cybercriminals often target people's fears and anxiety. So, these days, the coronavirus pandemic is a good hook.
One of the recent lures was a "cure for coronavirus" or "COVID-19 safety tips" from the Red Cross. The hackers were hoping Officer 365 users would take the bait and click.
"They're able to get control of users' Office 365 accounts," Burt said. "They can then see what's going on in that account. They can act as if they're you — they can send email in your name and look to find things in your email account like passwords and other information."
Burt says the hackers are good. They do research and figure out how companies are structured and who does what. They'll look at social sites and figure out exactly who to target.
Some of the scams people were getting involved co-workers asking others to transfer money to an account.
"They're sophisticated criminals," Burt said. 'They do this work to make sure the requests look legitimate so they can be successful in stealing money."
Burt says there's an easy way to prevent phishing attacks.
"The number one thing by far is to utilize two factor authentication on all of your accounts," he said. "If you're a business,s make sure you're doing that for your business email if you're an individual, make sure you're doing it for your individual email and financial accounts."
Burt is referencing the separate codes a user gets when logging on to a website. The site will give a prompt so they can prove that they are.
The cybersecurity team says two-fact authentication will eliminate 98-99 percent of attacks.
The challenge has always been to find the cybercriminals. So, this time around, the digital unit went around them.
"We're saying, let's stop them in a different way," Burt said. "Let's take the internet tools that they're using to conduct their crime, and let's go legally take those tools away from them."
Court documents from the civil case filed in Federal Court say that Microsoft has the authority to take away the tools the hackers need to conduct their scams.
"Basically, websites, locations on the internet from which they can conduct their fraudulent activities — whether it's launching their efforts or the place where they want you to ultimately go — we go with the court order to those registrars and transfer those domains to Microsoft control," Burt said.
Doing that strips hackers' access and gives Microsoft the ability to block them.
"We took down the criminal infrastructure that was being used to defraud people in 62 countries," Burt said. "We're going to keep doing that work. We're committed. Its fun, it's fascinating and, most importantly, it protects our customers."