Employees of agencies within the Australian government have been receiving targeted emails offering to register what amounts to a subdomain of a domain that merely looks like the government's legitimate one.
Employees of various agencies within the Australian government have been receiving an email urging them to take advantage of a “first right of refusal” on registering a subdomain of a look-alike domain name to the government’s domain name. The email creates some urgency by warning the recipient that someone else has requested to purchase the bogus subdomain (implying the registration would cause domain name confusion for the agency).
The Australian government’s Cyber Security Unit (CSU) issued an advisory warning agencies about the scam, advising them not to respond:
As we all know, you can’t sell a subdomain. But, in the case of countries like Australia where a complex base domain of vic.gov.au is used for the government (with each agency’s own subdomain sitting underneath it), it’s plausible that a non-technical user would believe their agency’s domain could also reside under vic.com.
In this particular scam, it appears that the scammer’s intent is simply to get someone at each government agency to cough up about $300 AU. But a scam like this could turn far more dangerous: the “register now” links could point to malicious downloads, spoofed login pages for the agency’s existing registrar, and so on.
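The confusion the scam relies on (vic.com versus vic.gov.au) is a domain-hierarchy question that can be checked mechanically before anyone replies or clicks. The script below is an added example, not code from the original post or from the CSU: it extracts hostnames from an email body and reports whether each one really sits beneath the agency’s legitimate base domain. Only vic.gov.au comes from the post; the sample email, every other hostname, the `LEGIT_BASE` constant and the function names are constructed for illustration.

```python
"""Classify hostnames found in an email as legitimate, look-alike or unrelated.

Added example (not from the original post). The legitimate base domain
vic.gov.au is taken from the post; all other values here are constructed.
"""
import re
from typing import List, Tuple

# Base domain the agency actually lives under (from the post).
LEGIT_BASE = "vic.gov.au"

# Coarse hostname matcher: dotted labels ending in a 2+ letter TLD.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def normalise_host(host: str) -> str:
    """Lower-case the name and drop surrounding whitespace and a trailing dot."""
    host = host.strip().lower()
    return host[:-1] if host.endswith(".") else host


def is_under_base(host: str, base: str = LEGIT_BASE) -> bool:
    """True only if host equals base or is a label-wise subdomain of it.

    A plain endswith() test would accept 'notvic.gov.au'; a substring test
    would accept 'vic.gov.au.attacker.example'. Comparing whole labels from
    the right avoids both mistakes.
    """
    h = normalise_host(host).split(".")
    b = normalise_host(base).split(".")
    if len(h) < len(b):
        return False
    return h[-len(b):] == b


def classify(host: str, base: str = LEGIT_BASE) -> str:
    """Return 'legitimate', 'look-alike' or 'unrelated'.

    The look-alike test is a heuristic (assumption, not a standard): the
    base domain appears inside the name, or the base's first label ('vic')
    appears as a dot- or hyphen-separated component. The only authoritative
    answer is is_under_base(); anything else deserves a second look.
    """
    if is_under_base(host, base):
        return "legitimate"
    h = normalise_host(host)
    b = normalise_host(base)
    components = re.split(r"[.-]", h)
    if b in h or b.split(".")[0] in components:
        return "look-alike"
    return "unrelated"


def review_email(body: str, base: str = LEGIT_BASE) -> List[Tuple[str, str]]:
    """Extract each distinct hostname from the body (in order of first
    appearance) and pair it with its classification."""
    results = {}
    for match in HOST_RE.findall(body):
        host = normalise_host(match)
        results.setdefault(host, classify(host, base))
    return list(results.items())


# Constructed sample modelled on the scam described in the post.
SAMPLE_EMAIL = """\
Subject: First right of refusal - agency.vic.com

A third party has requested to register agency.vic.com. As the holder of
agency.vic.gov.au you have first right of refusal. Secure it today at
https://register.vic-gov-domains.com/claim for AU$300.
"""

if __name__ == "__main__":
    for host, verdict in review_email(SAMPLE_EMAIL):
        print(f"{host:35} {verdict}")
```

Run stand-alone, the script flags both agency.vic.com and register.vic-gov-domains.com as look-alikes while confirming that agency.vic.gov.au is the only name that actually belongs to the agency. The same label-wise check is what a mail filter or ticketing macro should use; the heuristic look-alike test is there to surface names worth a human glance, not to make the final call.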
To avoid scams like this, organizations need to educate their users via Security Awareness Training about how these types of scams work, why they’re bogus, and how to safely avoid becoming a victim of fraud or worse.