
Microsoft Seizes 99 Domains Used in Iranian Phishing Attacks

A group of suspected Iranian hackers created domains that appeared to be Microsoft URLs, but they were actually scam sites intended to install malware and scoop up passwords.

By Michael Kan, Principal Reporter


Microsoft would like to remind you to be wary of bogus URLs.

A group of suspected Iranian hackers is sending phishing emails that link out to sites like "outlook-verify.net" and "verify-linkedin.net," according to Microsoft. At first glance, those sites might look legit, but they send people to fake websites looking to install malware and scoop up passwords.

Redmond has taken control of 99 internet domains used by the hackers' phishing schemes. It filed a lawsuit in US district court against the anonymous hackers, claiming their spoofed internet domains enabled computer crimes against the company and its customers.

Microsoft then demanded the domain registry companies hand over access to the 99 different domains. After reviewing the evidence, the judge granted the court order.

Redmond has used this same tactic before against suspected Russian hackers. However, today's announcement was directed at an Iranian-linked group called Phosphorus or Charming Kitten. According to Microsoft, the group likes to target governments and businesses, in addition to activists and journalists. Other security researchers have noticed the group going after nuclear experts and US military contractors.

Example of Phishing Attack From Phosphorus

The phishing scheme from Phosphorus works like this: A message will appear claiming a security risk with one of your internet accounts. The message prompts you to enter your password inside a web form, which is actually under the hacker's control. In a variation of the same tactic, Phosphorus masquerades as a friendly contact on social media, and sends you a link that's actually designed to install malware on your PC.

"Both attack methods employ the use of websites that incorporate the names of well-known brands, like Microsoft, to appear authentic," Microsoft VP Tom Burt said in today's announcement. "Websites registered and used by Phosphorus include, for example, outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net."
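A defender-side triage of the naming pattern Burt describes, as an added example that is not from the article or from Microsoft: it flags a link whose hostname contains a brand name while the registrable domain is not one the brand owns. The brand allowlist, the lure-word list and the `classify` function are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative, incomplete map of brand keyword -> domains the brand owns.
BRANDS = {
    "outlook": {"outlook.com", "live.com"},
    "live": {"live.com"},
    "microsoft": {"microsoft.com"},
    "yahoo": {"yahoo.com"},
    "linkedin": {"linkedin.com"},
}
# Assumption: generic words that phishing hostnames often pair with a brand.
LURES = {"verify", "verification", "account", "myaccount", "services", "login"}
OWNED = set().union(*BRANDS.values())


def hostname(link):
    """Return the lowercased host of a URL or bare hostname."""
    if "//" not in link:
        link = "//" + link  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def classify(link):
    """Label a link by who controls the registrable domain, not by what it contains."""
    host = hostname(link)
    # Naive registrable domain (last two labels); production code should
    # consult the Public Suffix List so that names under co.uk etc. work.
    registrable = ".".join(host.split(".")[-2:])
    if registrable in OWNED:
        return "brand-owned"
    tokens = set(re.split(r"[.\-]", host))
    if tokens & set(BRANDS):
        return "brand-impersonation"  # brand keyword on a domain the brand does not own
    if tokens & LURES:
        return "lure-only"  # no brand keyword, needs other signals to judge
    return "no-signal"


if __name__ == "__main__":
    # The first five hostnames are quoted in the article; the last two are constructed.
    for link in ["outlook-verify.net", "verify-linkedin.net", "yahoo-verify.net",
                 "verification-live.com", "myaccount-services.net",
                 "https://login.live.com/", "example.org"]:
        print(f"{link:28} {classify(link)}")
```

`myaccount-services.net` carries no brand keyword, so keyword matching alone rates it lower than the others; a check like this is a first-pass filter for mail or proxy logs, not a verdict.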

Microsoft is now redirecting traffic from the phishing domains to a company sinkhole, which will analyze the data to better understand Phosphorus' attacks.

The news is a reminder to be careful around your inbox. Some of the most effective phishing attacks claim to come from Google, Microsoft, or Yahoo, with warnings that your account has been breached. But in reality, the whole scheme is a ruse. Enabling two-factor authentication or using a security key can help protect your account in the event your password falls into the wrong hands.
