

Domain Spoofing Frauds


We are increasingly seeing small and medium-sized companies being attacked by well-researched frauds, in which an email appears to come from a known supplier with a new bank account, or from a senior internal member of staff, and requests that an outstanding invoice be paid by online transfer.

The attackers often register a domain which looks very similar to a company’s own domain, but with an ‘nn’ instead of ‘m’ or a ‘uu’ instead of a ‘w’ in the domain name of the sending email address e.g.

What can you do?

  • Get verbal confirmation from senior staff of transactions, or confirmation from two parties via text message, or a channel other than email.
  • Use dual online confirmation of transfers, if your bank allows this. (Barclays does, for example.)
  • Read the emails very carefully and double-check the spelling of domain names (the bit after the ‘@’ sign in addresses).
  • Don’t have out-of-office replies; they inform fraudsters that a staff member is away.
  • Be mindful of what gets posted on LinkedIn or other social media sites; the fraudsters research via online sources.
  • Get suppliers to confirm, in writing, changes to bank details.
  • If you are the boss, or finance director, do not get people to make transfers just by sending emails! The tendency of senior staff to fire off emails asking for large online transfers encourages the accounts staff to fall into this trap!
  • Make the risk of fraud part of the annual security risk assessment and business continuity plan.
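
The lookalike spellings described earlier (nn for m, uu for w) can be checked mechanically against a list of domains you already deal with. The following is an added example, not part of the original article; the function names, the extra substitutions (rn, vv, 0, 1) and the `.example` domains are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Substitutions the article names (nn for m, uu for w); rn, vv, 0 and 1 are
# further common lookalikes, added here as an assumption.
CONFUSABLES = (("nn", "m"), ("rn", "m"), ("uu", "w"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain: str) -> str:
    """Collapse lookalike sequences so visually similar domains compare equal."""
    s = domain.strip().lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch a single added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, trusted: set[str]) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a From header."""
    addr = parseaddr(from_header)[1]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) == 1:
            return f"lookalike of {good}"
    return "unknown"

# Constructed sample data: hypothetical supplier domains, not real companies.
TRUSTED = {"acme-supplies.example", "widgetworks.example"}
SAMPLES = [
    "Accounts <accounts@acme-supplies.example>",
    "Accounts <accounts@acnne-supplies.example>",  # m replaced by nn
    "MD <md@uuidgetworks.example>",                # w replaced by uu
    "Sales <sales@widgetwork.example>",            # one letter dropped
    "News <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header, TRUSTED):40} {header}")
```

A "lookalike" result is a prompt to confirm the request by phone before paying, not proof of fraud, and a spelling trick outside the substitution list still comes back as "unknown".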

What can we do?

These are not technical attacks; they rely on poor processes and on faith that an email was sent by the claimed sender. There are no settings changes, configuration changes or spam filters that can successfully block most email of this sort. The reason is that these are often targeted attacks and come from similar-seeming domains. As email like this can come from both valid and invalid sources, it is almost impossible to block until it has been noticed by an employee.

The most important things you can do to counter this type of attack are: first and foremost, raise awareness of this issue amongst your staff; also put in place multi-factor authentication; and finally make this part of your Business Risk Assessment/Business Continuity Plan.

Here is an article from well-known security expert, Brian Krebs, with some richer details.
