Microsoft takes down hundreds of malicious websites used in phishing scams
Domains used by ONNX customers were used to target victims worldwide
- The Microsoft Digital Crimes Unit has seized 240 fraudulent sites
- The sites were used by ONNX to sell phishing templates
- Phishing attacks target millions of users per month
Millions of phishing emails targeting victims every day use ‘do it yourself’ phishing kits developed by Egypt-based ONNX - but the Microsoft Digital Crimes Unit has now seriously disrupted this operation, seizing 240 fraudulent websites used to help sell Phishing-as-a-Service (PaaS) kits.
Phishing poses a real threat to individuals and organizations alike, with successful phishing attacks delivering devastating financial and data loss. Cybercriminals have taken this further by developing ‘kits’ to sell to other criminals to help develop widespread phishing campaigns and bypass security measures by intercepting MFA requests.
The attacks that originate from the ‘do it yourself’ kits represent a significant portion of the tens of millions of phishing attacks Microsoft accounts receive each month. The ONNX operation is one of the top five phish kit providers by email volume in 2024, according to Microsoft’s digital defense reports, so the disruption is significant.
Name and shame
Microsoft has decided to publicly name the individual behind the storefront, Abanoub Nady (known online as “MRxC0DER”), who has been tied to the operation as far back as 2017, and is well established in the PaaS sphere.
ONNX offers a tiered subscription service with basic, professional, and enterprise plans, which are promoted, sold, and configured through Telegram. The operation even provides ‘how to’ videos to help criminals implement the phishing kits properly.
Many of the kits used a technique called ‘quishing’, or QR code phishing, which prompts users to scan QR codes that redirect them to malicious fake websites, where they are asked to enter personal or payment information.
“As we’ve said before, no disruption is complete in one action. Effectively combatting cybercrime requires persistence and ongoing vigilance to disrupt new malicious infrastructure,” said Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit.
“While today’s legal action will substantially hamper the fraudulent ONNX’s operations, other providers will fill the void, and we expect threat actors will adapt their techniques in response.”
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.