news How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

[dncafe]

Some cyberattacks involve extremely sophisticated tools and cutting-edge exploits. Others, not so much.

A case in point is an incident involving a Chinese venture capital firm and an Israeli startup that it had agreed to fund. Nearly all it took for scammers to walk away with a cool $1 million in cash — meant for the startup from the investment firm — was two Web domains and 32 emails.

Full article: https://www.darkreading.com/attacks...-$1-million-from-a-chinese-vc-/d/d-id/1336547

 

[Not a robot]

Companies need to vigilant.

I have heard another case a while ago where a rough employee sends an e-mail to a customer about bank account. Several misdirected payments were made before it was discovered.

B2B scam can’t be hard to detect. We use G Suite and Gmail would warn you if it senses something suspicious, but an employee who’s untrained in security or in a hurry could outright discard the warning. Admins can manually setup filters, but it took foresight and a lot of manual action on mail queue.

There is always a problem of misdirected mail, especially if you don’t have a .com domain. It’s easy to direct a mail to .com or .co if your extension is .cc . Even company employees can make such mistake when CC’ing colleagues. It’s a problem when people don’t check mail bounce message. It’s a bigger problem when admins set up catch-all mail account so there isn’t a bounce message.

And also exact-match .com can be either too expensive or already used by someone else.

 

[lock]

Totally acceptable apparently as long as IDN is disclosed and nobody researches. No attack is required to fake a domain.

 

[lock]

I have had mail hijacked sites hacked is awful experience when email especially with emails sent.