The Com Laude Casebook: Business Compromise

Imagine this scene. It’s 7:25 AM, you are going about your morning routine – eating breakfast, commuting to work or at your desk ready to make a start. It’s just another day.

Unknown to you, somewhere in the world, someone is registering a new domain name. That individual is acting in bad faith, targeting you by registering a domain that resembles your business email address. However, they have changed the letter ‘n’ into an ‘m’ or added your company’s legal identifier ‘Limited’ or ‘LLC’ to your brand name. Even used a homoglyph character closely resembling a character in the Latin script. Making it difficult to spot that the email is actually from an illegitimate source.

By 12:27 PM, lunch is underway and you’re tucking into your world-class cheese and pickle sandwich.  As you consume your last mouthful, the bad actor strikes. The person sends an email, using the domain registered that morning. It’s not addressed to you, but to your company accountant from an email that looks like yours. The email advises your accountant to process a large, urgent payment from the company’s finances to assist with highly confidential business. The bad actor’s standing by, ready to receive email replies, manipulate the situation, and successfully receive the funds.

At this point, the fraudulent domain name is recognised, the bad actor’s scheme is disrupted, and none of your company’s money is lost. Mission accomplished, or at least you hope it is.

The above scenario, timings and all, comes directly from a real case handled by Com Laude on 21 August 2019.  Everything apart from it being you, and the cheese and pickle sandwich of course. In fact, it happened to someone who turned to our domain monitoring and disputes team for assistance. We don’t know what they ate for lunch that day, but the incident definitely left a nasty aftertaste.

This scenario is an example of a Business Compromise Email. One of several domain name abuses we’re going to cover in our blog series outlining some of the work of our domain monitoring team. Most individuals act instinctively in response to a convincing replica of their corporate domain name and it comes in many different forms. And working from home, as we are right now, might make us even more vulnerable. An incident like this can cause high levels of damage using an instrument of fraud that masquerades as you, or your business. This style of abuse is rapidly on the rise, too. The World Intellectual Property Organization’s UDRP domain dispute resolution service shows a 480% increase in harmful domain name fraud compared to the early days of the Internet.

How do you combat it? Domain name monitoring. We offer an exclusive software, Com Laude Watch, which identifies rogue registrations at the very beginning. You are alerted and quick action is taken by having your system administrator block them. Acceptable use policy complaints can be made to the provider of the outgoing email service, in order to disable a fraudulent domain. Finally, we will deploy the time-tested UDRP to dispute that domain and bring it safely into your portfolio. This is what happened in above case, the effectiveness of our complaint won the domain and it was transferred to our client to ensure nobody would use it again.

Rest assured, there is peace of mind for you and an opportunity to avoid the expense of high-level fraud, safeguarding your company’s financial resources. For one thing, that saving could buy you a great deal of cheese and pickle sandwiches.

If you would like to know more about our domain name monitoring service, contact us.

Uncover more real-life scenarios in our Com Laude Casebook series here.