Perpetrator registered the ‘plural’ version of its domain name.
I was talking with a few business owners last week who all relayed a problem they face: whenever they hire a new employee, scammers try to dupe that person into giving up credentials.
This doesn’t surprise me. When my wife started a new gig recently, someone tried to impersonate the CEO of that company in a text message. They sent it to me, not her, perhaps because our phone numbers are similar and mine is easily accessible on the web.
Scammers can wreak havoc once they get into a system. They often do it to gain control of email accounts so they can run invoice fraud. Then, they impersonate the company and trick a customer into wiring funds to them.
An example of invoice fraud is in a cybersquatting lawsuit recently filed by government contractor Peraton. Someone registered the domain name peratons .com (with an s at the end), hijacked an email thread, and tricked a customer into wiring funds to the scammer.
Peraton filed an in rem lawsuit against the domain name and requested an injunction.
The injunction might not be necessary; Namecheap has already placed the domain on ClientHold to prevent its DNS from working.