Hi I’ve been a KnowBe4 customer for 3 years and have trained my (10) users constantly. Well despite best efforts one email box was penetrated (via webmail access from OWA) and bad guys monitored the account and subsequently saw an email exchange from our CEO to a client about a funds transfer. The bad guys set up a look-a-like domain and emailed the client purporting to be us. They were successful in having our client respond to emails and almost succeeded in having money redirected. Fortunately after some suspicion our client called us and it was thwarted.
However the bad guys still have a look-a-like domain up despite me contacting the registrar (PublicDomainRegistry.com) with several requests to take it down and providing them transcripts of the attempted fraud. It has been almost a week While we have contacted all our clients of this incident I am still fearful of a similar attempt with the domain still up and not knowing what exact access the bad guys had in email messages. I have also contacted the FBI but quite frankly that procedure (told to fill out a form) is in my opinion very weak.
Any suggestions on how to assist in having the registrar take down the domain or having it entered on some blacklist?