3

This is the problem my friend is facing in his office. Someone is using an almost similar domain as my friend's company (via email). This person is posing as their company and asking them to send money with an invoice of the same format as his company uses but the only thing is different is the account details where amount should be debited while claiming that their product they ordered is out for delivery.

It seems imposter has details of clients emails, the format of the invoice the company uses and it's likely they somehow know the conversation going on between their sales office and clients.

How can I help him? Is there something that I can do or advise?

schroeder
  • 129,372
  • 55
  • 299
  • 340
aitkotw
  • 33
  • 2

2 Answers2

3

Use a tool like http://www.tcpiputils.com/ to find out who owns the fake domain and who hosts the fake domain and locate the "abuse" email. Send them samples of the fake emails. This should help to take the fake domain down.

Meanwhile, send warnings to all the clients that there is active criminal activity going on.

As for whether or not someone knows the communications between the company and the clients, there is not enough detail to provide any answer about what to do about that.

schroeder
  • 129,372
  • 55
  • 299
  • 340
3

Also:

It seems imposter has details of clients emails

Find out how. Get professional help to check if his website is compromised - or set it up brand new with security in mind.

  • This answer should not be overlooked. How did the criminal got the info? Is he an insider? Did your internal network got compromised and someone was able to steal information and pose as you? This is VERY important to find out. – Caterpillaraoz Jan 13 '18 at 16:07