Steps to take down a "Look-a-Like" Domain

(Glenn) #1

Hi, I’ve been a KnowBe4 customer for 3 years and have trained my (10) users constantly. Well, despite best efforts, one email box was penetrated (via webmail access from OWA) and bad guys monitored the account and subsequently saw an email exchange from our CEO to a client about a funds transfer. The bad guys set up a look-a-like domain and emailed the client purporting to be us. They were successful in having our client respond to emails and almost succeeded in having money redirected. Fortunately, after some suspicion, our client called us and it was thwarted.

However, the bad guys still have a look-a-like domain up despite me contacting the registrar ( with several requests to take it down and providing them transcripts of the attempted fraud. It has been almost a week. While we have contacted all our clients about this incident, I am still fearful of a similar attempt with the domain still up and not knowing what exact access the bad guys had in email messages. I have also contacted the FBI, but quite frankly that procedure (told to fill out a form) is in my opinion very weak.

Any suggestions on how to assist in having the registrar take down the domain or having it entered on some blacklist?

Thank you.

(Howard) #2

Great question. You can probably also go after the hosting service too. It appears that terms seem clear enough for phishing and fraud. They say once evidence is provided they will investigate and suspend the domain if they agree with your claim. You certainly seem to have provided very good evidence. I have also read that it can sometimes take a while. In addition to submitting this through their abuse forms, I would call the company if you haven’t. I’ve read this is an important step to move things along. As an added step, I would consider filing a DMCA takedown notice with Google if they are using your copyrighted images (content). That would delist them from search. Although search isn’t the primary enemy here, it might help convince the registrar to move faster. The laws of the country where the hosting company resides are a wildcard. If they are hijacking your brand, there is a good chance they may be violating your trademark too.