Labeled as news in General Domain Discussion, started by dncafe, Dec 8, 2019
Full article: https://www.darkreading.com/attacks...-$1-million-from-a-chinese-vc-/d/d-id/1336547
Companies need to vigilant.
I have heard another case a while ago where a rough employee sends an e-mail to a customer about bank account. Several misdirected payments were made before it was discovered.
B2B scam can’t be hard to detect. We use G Suite and Gmail would warn you if it senses something suspicious, but an employee who’s untrained in security or in a hurry could outright discard the warning. Admins can manually setup filters, but it took foresight and a lot of manual action on mail queue.
There is always a problem of misdirected mail, especially if you don’t have a .com domain. It’s easy to direct a mail to .com or .co if your extension is .cc . Even company employees can make such mistake when CC’ing colleagues. It’s a problem when people don’t check mail bounce message. It’s a bigger problem when admins set up catch-all mail account so there isn’t a bounce message.
And also exact-match .com can be either too expensive or already used by someone else.
Totally acceptable apparently as long as IDN is disclosed and nobody researches. No attack is required to fake a domain.
I have had mail hijacked sites hacked is awful experience when email especially with emails sent.
Separate names with a comma.