As businesses strengthen data security protocols to protect against phishing, hacking strategies are evolving and becoming increasingly clever. Look-alike email scams are an emerging strategy used by hackers to deceive even sophisticated businesses. A particularly ingenious scam now circulating heightens the importance of educating C-suite and other key company personnel, especially those with financial responsibility, of the need for scrutiny of any directive that would result in the transfer of company assets.
Unlike more easily-detected phishing emails from suspicious outside addresses, look-alike email scams operate through actual email addresses which appear to come from a source within an organization. A recent ruse involves impersonating legitimate company personnel, then using fictitious internal communications to cause other company personnel to transfer funds. Hackers register available top-level domain names with a nearly-imperceptible variation of the company's actual domain name, which can easily trick the eye of a busy corporate officer, particularly in a fast-paced working environment involving a high daily volume of emails.
In the latest look-alike email scam, hackers diligently research the names and job positions of actual corporate officers within the target company, particularly those high-ranking executives with authority to transfer funds. Armed with this data, hackers set up look-alike email addresses using the names of real employees, then send communications from the look-alike email addresses to actual employee email addresses requesting transfer of funds. This hoax is particularly effective when a fictitious internal communication exchange is incorporated into the ultimate funds transfer email.
For example, the actual email address of the CEO of ABC, Inc. is "firstname.lastname@example.org", and the actual email address of the CFO of ABC, Inc. is "email@example.com". A hacker registers the look-alike email addresses "firstname.lastname@example.org" and "email@example.com". An actual email directing a funds transfer is sent from fictitious CEO "firstname.lastname@example.org" to fictitious CFO "email@example.com". The email is then forwarded from the fictitious CFO to an actual employee in the ABC, Inc. accounting department, requesting or approving the monetary transaction listed in the CEO/CFO email. Look-alike email scams are difficult to detect due to the use of supposed email exchanges between known co-workers suggesting legitimacy and credibility. This is especially so when the spoof email addresses are created by substituting or adding certain letters, such as replacing the two L's in "abcllc.com" with three L's ("abclllc.com"). Awareness and prevention of this type of hacking is crucial in the corporate context.