When it comes to protecting yourself, your business and your personal information, remember this key advice: before proceeding to a website or clicking on a link in an email or text, make absolutely sure the URL is legitimate.
Law enforcement officials have warned the public to be aware of new fraud schemes taking advantage of current news events through look-alike website domains.
Look-alike domain scams, or spoofing, are one of the key methods employed in Business Email Compromise (or BEC), where someone asks for alternate wiring instructions or notes changes in payment services. Scammers are trying to take advantage of your anxiety, and it works.
So, before you act, follow our best advice: STOP, CALL and CONFIRM.
STOP what you are doing and review the email address for any discrepancies or anomalies.
Pick up the phone and CALL the requestor at a number you know (don’t call the number in the email or respond to the email because you will likely be corresponding with the fraudster).
CONFIRM the request as legitimate.
Why call instead of simply entering the domain name in a search engine? Because, unfortunately, fake domain names occasionally show up in search results.
Another tactic is to place a form on the website that requires the user to input information that is intended to enable the fraudster to impersonate the user. It might require username and password, or other registration data.
“At Regions Bank, we try to educate our customers and the public on the latest in scams,” said Jeff Taylor, head of Commercial Fraud Forensics at Regions Bank. “We aren’t here to scare you, but to make you aware of various pitfalls. Unfortunately, the look-alike domain scam is a difficult one because banks and businesses often utilize different domain names for legitimate purposes.”
Look-Alike Domain Scams Used to Defraud Vendors
The FBI also warns that there’s an uptick in attempts to use BEC for further fraud. Most commonly, a business receives a BEC that appears to be from a reliable source requesting purchase orders. Only later does the legitimate business realize it’s been taken by a scam when they try to collect payment.
Again, look-alike domains play a huge role in deception. Consider these examples of spoofed email addresses from the FBI:
| Actual Email Domain | Spoofed Email Domain |
| --- | --- |
| @company.com | @co-pany.com |
| | @company-usa.com |
| | @companygroup.com |
| | @companygroupinc.com |
| | @companyengineering.com |
| | @companiesengineering.com |
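An added example (not from the original article or the FBI): a small Python check that flags sender addresses whose domain resembles, but does not match, a trusted domain, run over the FBI examples above. The trusted list, the `ap@` mailbox names, `example.org` and the 0.8 threshold are assumptions.

```python
import difflib

# Assumption: domains this organisation really does business with.
TRUSTED_DOMAINS = ("company.com",)

# Constructed sample senders: the FBI examples above plus one unrelated domain.
SAMPLE_SENDERS = [
    "ap@company.com", "ap@co-pany.com", "ap@company-usa.com",
    "ap@companygroup.com", "ap@companygroupinc.com",
    "ap@companyengineering.com", "ap@companiesengineering.com",
    "billing@example.org",
]

def _name(domain):
    """Domain minus its last label, hyphens removed (multi-part TLDs not handled)."""
    return domain.rsplit(".", 1)[0].replace("-", "")

def _similarity(real_name, cand_name):
    """Best match of real_name against any same-length slice of cand_name."""
    n = len(real_name)
    if len(cand_name) <= n:
        slices = [cand_name]
    else:
        slices = [cand_name[i:i + n] for i in range(len(cand_name) - n + 1)]
    return max(difflib.SequenceMatcher(None, real_name, s).ratio() for s in slices)

def classify_sender(address, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for real in trusted:
        # Exact match or a subdomain of a trusted domain.
        if domain == real or domain.endswith("." + real):
            return ("trusted", real)
    for real in trusted:
        # Close spelling, or the trusted name embedded among extra words.
        if _similarity(_name(real), _name(domain)) >= threshold:
            return ("lookalike", real)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        verdict, real = classify_sender(sender)
        note = f" (resembles {real})" if verdict == "lookalike" else ""
        print(f"{sender:32} {verdict}{note}")
```

A `lookalike` verdict is a cue to STOP, CALL and CONFIRM, not proof of fraud, since legitimate organisations also use more than one domain.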
“Using look-alike domains has proven to be a successful way for fraudsters to embed malware on the user’s device – or to gather personal information for more devious use,” Taylor added. “Just like with other fraud vectors, it’s good advice to always check out the site first, and only provide your personal information when appropriate.”
If you realize you have provided your information on a look-alike domain, change your online password, call your bank to alert them and cancel your debit card. Keep your bank’s number in your contacts so that you always have it handy.
If you believe your company has been the victim of a BEC, please file a report with the FBI Internet Crime Complaint Center at www.ic3.gov.
Keep in mind that the faster you act, the better your bank can do at protecting your assets.
The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.