If cybercriminals were creating illegitimate websites to impersonate your brand and steal victims’ information, would you shut down those sites if you could?
That’s exactly what Microsoft did when it took control of 99 websites that Iranian hackers used to try to steal sensitive information from targeted victims, namely United States employees in the public and private sectors. According to Microsoft, the hackers “specifically directed” their attacks on government agencies in Washington.
Here’s what happened
By posing as Microsoft properties (LinkedIn, Hotmail and OneDrive), Iranian hackers accessed the private information of unsuspecting Microsoft users. These hackers used spear-phishing email campaigns to lure users into clicking links to the group’s malicious websites or opening malicious attachments in an effort to break into their personal accounts.
Microsoft took legal action and asked for control of the sites, citing damage to its brand and trademarks from sites that impersonated its products to trick victims. Judge Amy Berman Jackson of the United States District Court in Washington granted a temporary restraining order that let Microsoft take over the websites on March 15, 2019.
What is spear-phishing?
The Iranian hackers used spear phishing to send emails and social media links to victims by imitating people or institutions the victims may know. These spear-phishing attacks enticed users to click on links in an attempt to gather personal information. The links either allowed the hackers to spy on the victims’ accounts or urged victims to enter their login credentials, which the hackers later used to log into official systems. In doing so, the Iranian hackers impersonated various Microsoft products, including LinkedIn, Hotmail, and OneDrive.
“It’s recommended that consumers only share personal information and passwords with known or reputable sites, but hackers are going as far as impersonating people in our personal networks to pull users to these malicious sites. To ensure the site is reputable, a couple of ways users can spot a malicious site is by looking for ‘https’ in the URL and reviewing the site for broken links or typos,” says Monique Becenti, SiteLock’s Product Marketing Specialist.
What does this say about our government security and the rising threat of foreign attacks?
This isn’t the first time Microsoft has experienced nation-state attacks, and it goes to show that even one of the biggest and most sophisticated technology companies in the world can’t prevent these types of attacks.
“While often viewed as the low-hanging fruit of political espionage, infected websites can easily create distrust and chaos in the political process. Bad actors know websites are often the weakest link and have infiltrated this time and time again. Website attacks are becoming increasingly complex and evolving at a fast rate. It’s time for us to reassess how much care and priority website security gets,” says Becenti.
Are there ethical issues at hand? You decide.
Should big tech companies be granted the power to take over accounts without notifying the rightful owner? How much power is too much? Microsoft seized the impersonated websites to protect its brand and prevent future attacks, which was the right thing to do—but could this be considered an abuse of power?
With recent breaches from tech giants like Facebook, we know that people no longer have control over their data. Could the same be true for their websites? If Microsoft or other big tech companies have the power to seize our websites or accounts, what else can they control?
Follow @SiteLock on Twitter to join the conversation and weigh in.