The best investments aren’t in the bank — they’re in people.
-Mike Costigan
October is national security month. Truthfully, every month should be national security month, and I want to share some really frightening security events that are happening locally.
The bad actors have stepped up their game. Again!
To understand this story, you will need to know the definition of a domain. A domain is the name associated with your business for website or email purposes. For example, in the email address someone@gmail.com, anything after the @ sign is the domain name, so in this example the domain is gmail.com.
If you are trying to locate something on the internet, you might go to www.google.com or http://google.com to start the search. In this example, google.com is the domain name. If you want more information about Comp-U-Talk services, you would browse to www.comp-u-talk.com. Here, comp-u-talk.com is the domain name.
The bad actors are utilizing what I refer to as look-alike domains. How many times have you misspelled google? I know my fingers occasionally get confused and type gogle or goggle. Research says that approximately 88 percent of all breaches are caused by human error. (https://www.influencive.com/human-error-is-still-the-number-one-cause-of-most-data-breaches-in-2021/) No one would intentionally bring in bad actors, but all it takes is one bad day: the dog died, you’re not feeling well, the water heater exploded and flooded the house... Just one bad day...
Meanwhile, the bad actors are buying up look-alike domains. They pretend to be the real domain owners and request payment via electronic transfer. And people are falling for it, because IT LOOKS LEGIT!!
Moral of the story: Look closely. In the true story above, the bad actors bought up a look-alike of a domain name that had the letters “ti” in the name. They substituted the letters “tl”. Did you catch the difference? The real domain included T I; the look-alike domain spelled it T L. In lowercase type it is nearly indistinguishable. They injected an email requesting payment for services via ACH. They received a payout. How they were able to inject mail into an ongoing thread has yet to be determined. I suspect there was undetected malware or a keylogger somewhere.
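The “ti” versus “tl” swap is hard to see by eye, but a mail filter or a quick script can check for it. The following is an added example, not part of the original newsletter: it flags sender domains that resemble a trusted one. The trusted list, the `martin-supply.example` names and the small look-alike table are constructed assumptions.

```python
# Constructed allow-list of domains the business really deals with.
TRUSTED = ("google.com", "gmail.com", "comp-u-talk.com", "martin-supply.example")

# Assumption: a small hand-picked table of look-alike characters,
# not a complete confusables list. Each pair maps to one shared form.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"))

def skeleton(domain):
    """Collapse look-alike characters so 'ti' and 'tl' compare equal."""
    s = domain.lower().strip().rstrip(".")
    for src, dst in CONFUSABLE:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Take everything after the last @ sign, as described above."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()

def classify(address, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None) for a sender."""
    dom = sender_domain(address)
    if dom in trusted:
        return ("trusted", dom)
    for good in trusted:  # visual swap such as ti -> tl
        if skeleton(dom) == skeleton(good):
            return ("lookalike", good)
    for good in trusted:  # one-keystroke typo such as gogle
        if edit_distance(dom, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ("billing@martln-supply.example", "bob@gogle.com",
                   "janet@comp-u-talk.com", "someone@example.org"):
        print(sender, classify(sender))
```

A “lookalike” verdict on a message asking for payment is the cue to confirm the request by phone, using a number you already have on file.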
I always told my kids to learn from the mistakes of others. It is way less painful to learn from the mistakes of others than to learn from your own mistakes!
I have partnered with a company that specializes in training end users to be watchful and vigilant. We are still working out the kinks of the service, but it should be ready to deploy in the coming week. Depending on how many bells and whistles you choose, it will run between $3-$6 per user, per month. If you are interested in learning more, please call me.
In the meantime,
Stay Safe,
Stay Healthy
Go Easy on the Candy!
~Janet