How to Protect Your Business Against Lookalike Domain Scam

July 14, 2023 / in Blog / by Zafar Khan, RPost CEO

Falling prey to a lookalike domain scheme can get your entire organization and its clients in major trouble.

Alexander Pope famously wrote, “to err is human, to forgive divine.” It’s usually a nice, refined thing to say to someone when you screw up—the implication is that people make mistakes, and to look past those mistakes is an uncommonly gracious thing to do. 

Now if my teen kid spilled some cereal on the kitchen floor, looked at me, and then uttered these famous words, I’d cut him some slack and commend him on his reading and memorization of Bartlett’s Familiar Quotations.

Taken to another level, if one of your employees falls prey to a lookalike domain scam and sets up recurring payments on an invoice with cybercriminal bank details, hearing “to err is human” would likely cause apoplexy. Your employee’s error, which would not be difficult to commit, would cause major problems for your company. To forgive, in this case, would be challenging. 

The precise mechanics of a lookalike domain scam are outlined in one of our recent Tech Essentials articles, but the broad strokes are these: via some fairly simple email formatting tricks, one can fairly easily be tricked into replying to an email appearing to be FROM ray@burgerking.com (real address), with the reply mysteriously going to ray@bergerking.com (fake address) while the sender in your company THINKS that their email is actually going to ray@burgerking.com (real address). Ultimately, the fake person receiving the real email lures staff into paying fake invoices or doing something else that benefits the cybercriminal.
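To make the mismatch concrete, here is a small check a mail administrator could run over a raw message. It is an added example, not RMail's code or anything from the original article; it assumes the trick is a Reply-To header pointing at the lookalike domain, and the function names and the edit-distance threshold of 2 are illustrative choices.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_reply_path(raw_message, max_distance=2):
    """Return 'ok', 'different-domain' or 'lookalike' for a raw message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if not reply_dom or reply_dom == from_dom:
        return "ok"  # replies go back to the visible sender's domain
    if edit_distance(from_dom, reply_dom) <= max_distance:
        return "lookalike"  # near-identical spelling: warn before replying
    return "different-domain"  # e.g. a mailing list or ticketing address

# Constructed sample messages (addresses taken from the article's example).
SPOOFED = (
    "From: Ray <ray@burgerking.com>\n"
    "Reply-To: Ray <ray@bergerking.com>\n"
    "Subject: Updated invoice\n\nPlease see the new bank details.\n"
)
GENUINE = (
    "From: Ray <ray@burgerking.com>\n"
    "Subject: Lunch\n\nSee you at noon.\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, check_reply_path(raw))
```

A plain edit-distance check like this does not catch lookalikes built from visually similar Unicode characters, so treat it as one signal rather than a complete filter.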

Multiply this fairly high probability by the number of people in your organization accessing your network, and you may want to sit down and take a deep breath.

Worse still, scams like these are growing in frequency and are causing firms to waste vast sums of internal resources trying to do damage control and shore up existing systems and protocols. So, wouldn’t it be great if you could confidently know your staff would never reply to a lookalike impostor email?

RMail’s new Microsoft Outlook-integrated Lookalike Domain™ alert feature is the only easy way to thwart this type of scam, thus saving you and your firm a lot of headaches. It would have seen beforehand (via AI) that the “bergerking.com” in the reply domain was a lark and not a domain that you have any business contacting.

This Lookalike Domain alert technology runs inside the RMail for Microsoft Outlook add-in, so you need no fancy setup or expensive service to use it. A 2-minute installation (click here to download free) is all it takes to get you and your organization protected.

Feel free to contact us to learn more about RMail and its err-killing Lookalike Domain™ alerts. Have a grate weekend [whoops! I guess to err really is human…]