Cybercriminals are increasingly using lookalike domains in targeted email-based scams, which makes those scams harder to detect. These domains mimic legitimate websites by subtly altering letters or using a different top-level domain, so they appear credible. Scammers use lookalike domains against a wide range of sectors, including finance, legal services, insurance, and construction, and as these attacks become more common, the range of affected individuals and organizations continues to expand.
Once attackers acquire a lookalike domain, they set up email servers to distribute deceptive communications. Using data gathered from public sources or previous breaches, they craft personalized messages aimed at specific organizations or individuals. These emails often carry malicious attachments or links designed to steal sensitive information, authorize payments, or compromise systems, and the attackers draw on their knowledge of business communication styles to appear legitimate.
The report highlights several common scam tactics that use lookalike domains: invoice scams, executive impersonation, account takeover, and phishing. For example, attackers may impersonate a financial institution and urge the recipient to process a payment by referencing a fabricated transaction. Other scams impersonate vendors or recruitment agencies to steal personal details such as social security numbers and bank account details.
To combat these threats, organizations are advised to monitor proactively for lookalike registrations and to act quickly on suspicious domains. It’s also crucial for businesses to educate clients about the dangers of lookalike domains and to provide resources for reporting suspicious activity. Detecting these attacks can be challenging, especially when client names are generic or consist of initials, but a comprehensive approach can significantly reduce the risk posed by these increasingly sophisticated scams.
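As an added illustration, not part of the report, here is a small Python checker that applies the monitoring idea above to inbound sender domains: it folds visual confusables, separates the registrable name from its suffix, and flags typo, homoglyph, TLD-swap and combination lookalikes of a list of protected domains. The protected domains, the confusable table and the public-suffix heuristic are constructed assumptions for the example.

```python
import unicodedata

# Constructed list of domains an organization wants to protect (assumption).
PROTECTED = ["examplebank.com", "acmelegal.com"]

# Hand-picked visual substitutions seen in lookalike registrations (partial).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

# Second-level labels treated as part of the public suffix (small assumed subset).
SUFFIX_LABELS = {"co", "com", "org", "net", "ac", "gov"}


def normalize(label: str) -> str:
    """Fold Unicode confusables (NFKC), lower-case, then apply ASCII look-alike swaps."""
    s = unicodedata.normalize("NFKC", label).lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s


def split_domain(domain: str):
    """Return (registrable name, suffix) using the tiny SUFFIX_LABELS heuristic."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SUFFIX_LABELS:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain: str):
    """Return (verdict, protected domain it resembles) or ("clean", None)."""
    name, suffix = split_domain(sender_domain)
    norm = normalize(name)
    for good in PROTECTED:
        gname, gsuffix = split_domain(good)
        gnorm = normalize(gname)
        if sender_domain.lower().strip(".") == good:
            return ("legitimate", good)
        if norm == gnorm:  # same name after folding: exarnplebank.com or examplebank.co
            return ("homoglyph" if suffix == gsuffix else "tld-swap", good)
        if levenshtein(norm, gnorm) <= (2 if len(gnorm) > 8 else 1):
            return ("typo", good)  # exampleban.com
        if gnorm in norm:
            return ("combosquat", good)  # examplebank-secure.com
    return ("clean", None)


def check_sender(address: str):
    """Classify the domain part of an email address."""
    return classify(address.rsplit("@", 1)[-1])
```

Flagged senders would feed a review queue rather than an automatic block, since short or generic names can legitimately sit within one edit of a protected domain.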