Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Look-alike Domain Spoofing Scam Takes Charity for $1 Million

    Happy volunteer family putting their hands together on a sunny day-1In yet another case of business email compromise, a charity is fooled through a combination of diligence, sophistication, and social engineering.

    Back in August of 2019, Red Kit Community Housing, a U.K.-based charity, was victim of a BEC scam. According to a recently released notification about the scam, the cybercriminals did their diligence to identify external individuals at an entity that was providing services to the charity and, therefore, had their trust, spoofed a domain to represent the external entity, and used social engineering skills to make it seem like their communication was “a genuine follow up to an existing conversation.”

    Whenever conversations over email involve money and the changing of banking details, there always needs to be a protocol to validate the request. To Red Kite’s credit, they do employ “a two-stage process to verify changes to payments and accounts which ordinarily would have caught this attempt.” But, in the case of this scam, the controls weren’t exercised in the way they should have.

    According to Red Kite’s press release, “one key lesson is that no matter how good you believe your systems to be, the human dimension will always be a potential weakness.” This is why it’s imperative for organizations to realize just how much risk the user poses to the organization, and seek to eliminate that risk through continual Security Awareness Training. Through continual education, users can be taught be remain vigilant, especially in the face of any communications involving money and altering methods of payment.

    The folks are Red Kite hope that through their sharing of this story, “…that colleagues in the sector reflect on their own systems and take the opportunity to ensure that this doesn’t happen to them.” Heed Red Kite’s warning.

     

    Return To KnowBe4 Security Blog

    Discover dangerous look-alike domains that could be used against you! 

    Since look-alike domains are a dangerous vector for phishing attacks, it's top priority that you monitor for potentially harmful domains that can spoof your domain.

    Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

    DomainDoppelgangerResults-1Here's how it's done:

    • Get detailed results of look-alike domains found similar to your primary email domain
    • You can now quiz your users with your look-alike results
    • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
    • It only takes a few minutes to discover your “evil domain twins”!

    Find Your Look-Alike Domains!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-doppelganger

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews