TechRadar
Ellen Jennings-Trace

Microsoft takes down hundreds of malicious websites used in phishing scams

  • The Microsoft Digital Crimes Unit has seized 240 fraudulent sites
  • The sites were used by ONNX to sell phishing templates
  • Phishing attacks target millions of users per month

Millions of phishing emails sent to victims every day rely on ‘do it yourself’ phishing kits developed by Egypt-based ONNX, but the Microsoft Digital Crimes Unit has now seriously disrupted this operation, seizing 240 fraudulent websites used to help sell Phishing-as-a-Service (PaaS) kits.

Phishing poses a real threat to individuals and organizations alike, with successful phishing attacks causing devastating financial and data loss. Cybercriminals have taken this further by developing ‘kits’ to sell to other criminals, helping them run widespread phishing campaigns and bypass security measures by intercepting MFA requests.

Attacks originating from these ‘do it yourself’ kits represent a significant portion of the tens of millions of phishing attacks Microsoft accounts receive each month. According to Microsoft’s digital defense reports, the ONNX operation is one of the top five phish kit providers by email volume in 2024, so the disruption is significant.

Name and shame

Microsoft has decided to publicly name the individual behind the storefront, Abanoub Nady (known online as “MRxC0DER”), who has been tied to the operation as far back as 2017, and is well established in the PaaS sphere.

ONNX offers a tiered subscription service with basic, professional, and enterprise plans, which are promoted, sold, and configured through Telegram. The operation even provides ‘how to’ videos to help criminals implement the phishing kits properly.

Many of the kits used a technique called ‘quishing’, or QR code phishing, which prompts users to scan codes that redirect them to malicious fake websites, where they are asked to enter personal or payment information.

“As we’ve said before, no disruption is complete in one action. Effectively combatting cybercrime requires persistence and ongoing vigilance to disrupt new malicious infrastructure,” said Assistant General Counsel, Microsoft’s Digital Crimes Unit, Steven Masada.

“While today’s legal action will substantially hamper the fraudulent ONNX’s operations, other providers will fill the void, and we expect threat actors will adapt their techniques in response.”
