The cybercriminals send out e-mails promising users COVID-19 financial relief. These e-mails urged users to click on a phishing link and took users to a fake Microsoft account log-in page:
The court order filed with the U.S. District Court for the Eastern District of Virginia lists domains such as officesuitesoft.com, officemtr.com and more. These domains were similar to Microsoft's own services and allowed attackers to dupe victims into thinking they are accessing genuine Microsoft Office services. The court ruled in favour of Microsoft which allowed the company to take control of the domains and remove the websites without tipping off the criminals.