24 August 2022
24 August 2022India: Scammers registered a confusingly similar domain name of a Hyperbad Aerospace company and managed to scam their partners.
TFC Manufacturing run of the domain name tfcmfg.com. The scammers registered the domain name “tfcmfq.com”. The fraudsters simply registered the domain name and replaced the “g” with a “q”.
Once tfcmfq.com was registered, the scammers then sent emails to TFC suppliers informing them that their bank accounts were changing and requested that their account information be updated for future payments.
Due to the similarity in the domain name, the staff in question thought they were dealing with a legitimate business. Normally in these scams, the website is copied, real names of employees are used and even the signatures look the same.
The end result was that $290,000USD was wired to the scammer’s overseas account, and it will be unlikely that the money will be recovered.
One letter is all it took to defraud a company with a significant amount of money. Companies can avoid this by defensively registering typo domain names and implementing a domain name monitoring service that captures confusingly similar domain name registrations.
Typo Squatting Attacks
Typosquatting is the practice of registering confusingly similar domain names to a legitimate business’ domain name, which can then be used as a platform to send spam, phishing emails (as is the case here) and malware. The attacks are sophisticated in their planning, simple to deploy and occur frequently.
Credit: Risk Lens
In most cases, typo squatting attacks do not hit the radar until a customer, partner or 3rd party is impacted. To combat these sorts of attacks, we recommend being proactive and implementing basic monitoring to find any typo squatting-related domains before they become a problem.
About brandsec
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.
