How Cybercriminals Use Lookalike Domains to Fool Finance Chiefs

February 09, 2024 / in Blog / by Zafar Khan, RPost CEO

Don’t mis-send $26 million, harness the vibe of this ‘Year of the Dragon’

Armand, here again. As RPost’s product evangelist, I’m thrilled to be here in Hong Kong to kick off the Year of the Dragon in 2024.

As you may know, the Chinese and Lunar New Year celebrations kick off this weekend, to celebrate the ‘Year of the Dragon in 2024’. From what I am hearing from the locals, this year will be all about the Dragon infusing the positivity of innovation and problem solving into our subconscious.

However, the cybercriminals here seem to be celebrating their innovation and problem-solving prowess as well, and as of this week, they are $26 million richer.

Since I arrived a day ago, cybercriminal innovation has struck. Just this week, a finance professional in a Hong Kong firm was lured into mis-sending $26 million in fifteen sequential wire transfers.

Surely a firm that can easily transfer millions of dollars per wire multiple times per day has the money and expertise to lock down their internet security. 

So how did the criminals ensure success? They used innovative AI for nefarious purposes all the while innovating how to communicate with the finance chiefs that they were looking to fool.

They started with a lookalike domain email lure that was clever enough to entice the finance chief in Hong Kong to join a web meeting to discuss necessary money transfers with some finance team members in the UK.

The cybercriminals set up the web meeting and used past recorded public executive webinars to train the AI to generate lookalike “deep fakes” and voice replication. When the finance chief logged into the meeting, he saw several (fake but live and lookalike) familiar faces speaking to him with their normal accent and tone. “They” (the cybercriminals posing as specific executives), after chatting in the meeting, gave the verbal authorizations for the transfers.

Together, this created the trickery that led to the fund transfers from a large Hong Kong company to make the cybercriminals $26 million richer (per the Hong Kong police).

It seems even here in Hong Kong we’ve got big problems with the seemingly endless innovation by cybercriminals, particularly now that AI has become easily consumable for them, making their tactics even trickier.

So, while I’ll be all about positivity for the Year of the Dragon, put simply, we mere mortal armadillos and business professionals need to stay ahead of the innovation that AI is infusing into cybercriminal tactics.

The Year of the Dragon’s powers will make cybercriminals more innovative in their approach, and likewise, you’ll need to update email security to add new innovative layers. Today, it’s a must to add RMail’s newest targeted attack pre-emption layers, with its abilities to detect when cybercriminals are actively eavesdropping on email, even after delivery at the recipient or after the recipient forwards onward. True Dragon-inspired innovation!

We’ve got it all for you: the cyber tools that can empower you to harness the innovation of the Year of the (Wood) Dragon in a positive way to combat the nefarious.