HomeWinBuzzer NewsMicrosoft Digital Crimes Unit Can Now Demand Removal of Imposter Domains

Microsoft Digital Crimes Unit Can Now Demand Removal of Imposter Domains

Microsoft Digital Crimes Unit has secured a court order that allows it to pursue and take down imposter domains from domain registrars.


is preventing domain registrars from allowing hosted domains that engage in trying to copy the company. In a victory for the Redmond tech giant, Microsoft Digital Crimes Unit (DCU) won a court order that forces the domain registrars to disable such services.

For example, if a domain registrar allows a name such as “MICR0S0FT-0ffice.com, Microsoft is allowed to track them down and demand they are removed. Our example is overkill to emphasize the method, attackers will be much more subtle.

Known as homoglyph domains, some of these imposter domains are relatively harmless trolling of Microsoft. However, there are others that are used for malicious purposes. For example, a threat actor will create a website domain that looks like if may be official to fool users into visiting the site.

Microsoft says these malicious sites will then trick users into handing over their personal information, payments, and system access.


The Digital Crimes Unit points to a specific case that exemplifies Microsoft's concerns. Specifically, bad actors somehow learned of a Microsoft Office 365 customers who had been compromised. This customer sending emails to Microsoft support regarding payment processing.

It is unclear how the attackers knew this, but they were able to send an email from an imposter domain to try to fool the customer. The email was full of poor English, but that is not always a sign of an imposter email. All other aspects seemed fine, including the same subject line as previous official correspondence and the same sender name.

The one difference was a single changed letter in the exchange domain. The attackers hope the victim will not notice and comply with the demands they are making (in this case, to make a payment or risk account closure). It seems the victim was this time able to sport the fraud and Microsoft could then issue a take down order to prevent the domain going elsewhere.  

Tip of the day: Do you know that Windows 10 now has a package manager similar to Linux called “Winget”? In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News