Microsoft has announced the takedown of 17 domains that a threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks. The attacks were launched by what Microsoft describes as a financially motivated group comprising at least two individuals that operated with two third parties. The group, which Microsoft did not name, is likely part of a larger network based in West Africa, and the victims were primarily small businesses in several sectors in North America. The primary tactic used by the cybercriminals was registering a domain that replaces a single character or number in a legitimate Microsoft website URL with one that looks almost identical.”]
Source: https://www.cuinfosecurity.com/microsoft-disrupts-business-email-compromise-domains-a-17114