Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
I’m sure we’ve all seen the above example before. The idea is very simple. As we all go about our day, our eyes glance over the text before us and we see what we want to see. Cyber Criminals and would be wire transfer thieves know this as well. As you’ll soon learn, they take advantage of this all too often.
One of the most common tricks that criminals use is to purchase a domain name very similar to yours, but with a letter or two changed. Then, they can start emailing your customers, employees, or contacts back and forth without always being noticed. Here’s one of the most common examples:
[email protected] does business using the ABCtitle.com domain. Meanwhile the wire transfer thief purchased the domain name ABCtit1e.com for $9.99 and he is off and running. The difference? Rather than spelling the word title with the letter “L”, the thief replaces the letter “L” with the number “1” (one). The word title also contains the letter “I” in title. The letter “I” also is easily substituted with the number 1. Depending on your domain name, there are many opportunities for deception.
Here is an example substituting the letter “L” with the number “One”. Look closely: 1l1l1l1l1l
Do you think that your customers could spot the difference? Remember what the opening paragraph of this article says.
HOW CAN YOU PROTECT YOURSELF?
Stay ahead of the criminals. If your domain is ABCtitle.com, invest the $9.99 and purchase ABCt1tle.com and ABCtit1e.com. If YOU own them, the thieves cannot purchase them. Maybe your name is SuperMegaOneTitle? Then you’ll want to purchase SuperMega0NeTitle.com, replacing the letter “O” with a “zero”. As you can imagine, there are many ways criminals purchase bogus domain names. Adding additional letters is another one, such as: ABCtittle.com. In this example, there is an extra letter “t” in title.
In closing, it’s not always possible to stop all fraud, or purchase every imaginable combination of your domain. BUT, with a little forethought and creativity, you can take the first step. You can make it harder for the bad guys to impersonal your business.
ONE LAST THING.
On a personal level, we have seen these tricks used in action many times. As a service provider, we have criminals email us quite often pretending to be our customers using the very tricks mentioned above. It is worth noting that it’s not just the bad guy trying to pose as you in order to write your customers. Criminals often pretend to be other industry vendors, partners, or employees, in an attempt to send viruses, malware or to obtain sensitive information.