Domain Spoofing Frauds
We are increasingly seeing small and medium sized companies being attacked by well researched frauds, where an email appearing to come from a known supplier, with a new bank account, or from a senior internal member of staff requesting an outstanding invoice be paid by online transfer.
The attacks often register a domain which looks very similar to a company’s own domain but with an nn instead of m or a uu instead of a w, in the domain name of the sending email address e.g. firstname.lastname@example.org
What can you do?
What can we do?
These are not technical attacks, they rely on faith that email is sent by the claimed recipient and poor processes.There are no settings changes, configuration changes, nor spam filters, that can successfully block most email of this sort. The reason for this, is that they are often targeted attacks, and come from similar seeming domains. As email like this can come from both valid, and invalid, sources, this is almost impossible to block, until it has been noticed by an employee.
This most important thing you can do to counter this type of attack is to: first and foremost – raise awareness of this issue amongst your staff, also put in place multiple factor authentication, and finally make this part of your Business Risk Assessment/Business Continuity Plan.
Here is an article from well-known security expert, Brian Krebs, with some richer details.