Over the years we’ve seen all manner of ways in which fraudsters attempt to steal corporate data or funds. From full on hacking to phishing and malware, fraudsters continue to find new ways of operating. Although it is impossible to comment on every single method and instance, at NetNames we do try and keep an eye out for any ‘trends’ or ‘patterns’ of note to ensure our customers (as well as interested readers of the NetNames blog) are kept generally aware.
One of the recent trends that is worth bringing to light uses hyphenated or mistyped versions of a companys' domain name and the name of a Senior Exec or member of staff to extract funds or sensitive data.
Take for instance the fictitious company 'brandprotection.com’, which has a Chief Finance Officer by the name of John Smith. As an example, brandprotection.com receives a call to one of their satellite offices from someone purporting to be John Smith. Mr Smith says that he is in the country on business, the travel agency the company normally uses was having technical issues and he needs some flights booking. Using the email address firstname.lastname@example.org (note the hyphen) details of the travellers and their flight requirements were emailed through and $10,000 of flights are booked as requested.
This time let’s assume the company name is ‘Not Allowed’ and their main URL is notallowed.com, where John Smith is again the CFO. Replacing the ‘L’s with ‘i’s turns the domain into notaiiwed.com or ‘notaIIowed.com’ when you type the ‘i’s in capitals. The change may be an obvious one to spot in the context of this blog post, but it is extremely easy to miss when glancing at an email address and assume the communication is genuine, even more difficult to spot when the email appears to come from the companys' CFO. So it is not unsurprising when notallowed.com starts to receive calls from disgruntled high value customers and prospects wondering (at best) why they were sent this communication in the first place and (at worst) what has happened to the funds they transferred as a result of the communication.
Both of the above scenarios, although slightly amended for publication, and unfortunately true and examples of some of the scams we are detecting and working with customers to stop. Over the past few months we’ve seen the volume similar cases increase and whilst thankfully the majority are being identified without any data being compromised or transactions approved etc. instances of fraud are still getting through.
These examples continue to underline why it remains incredibly important for brands and corporate businesses to retain a good level of vigilance through defensive domain registrations or registration monitoring, a process of authorisation when dealing with data or financial requests and a clear policy regarding how cases of fraud of handled.