Don't fall for this one simple trick...
04/04/25 11:18

One of the common TTPs used by fraudsters targeting a particular company is to create domains that look very similar to a legitimate domain owned by one of your suppliers, and send you fake or manipulated invoices.
Typically, these domains are made on the fly when the attacker spots an opportunity, and can be hard for the casual observer to spot. One trick is to substitute characters in the domain name, e.g. rn for m or 1 for l.
Often they will make domains for both parties so that they can sit in the middle of an email exchange between parties.
Yes, there are many ways to identify and combat this, but most companies don't, and many, many companies fall for this trick.
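One way to identify such a domain on inbound mail, as an added example that is not part of the original post: it collapses the look-alike sequences named above (rn for m, 1 for l) and compares the sender's domain against a list of supplier domains. The supplier domains, the sample senders, the extra substitutions (vv for w, 0 for o) and the one-character tolerance are assumptions.

```python
# Added example: flag sender domains that imitate a known supplier domain.
# SUPPLIER_DOMAINS and the sample senders are constructed for illustration.

# Look-alike substitutions: the first and third are the ones named in the post,
# the other two are assumed additions of the same kind.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]

SUPPLIER_DOMAINS = {"acme-metals.example", "global-paper.example"}


def skeleton(domain: str) -> str:
    """Collapse a domain to a canonical form in which look-alikes collide."""
    s = domain.strip().rstrip(".").lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address: str, suppliers=SUPPLIER_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_supplier) for the sender's domain."""
    domain = address.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    if domain in suppliers:
        return ("known-supplier", domain)
    for real in sorted(suppliers):
        # Skeletonise both sides: a genuine name may itself contain "rn" or "1".
        # Distance 0 means a pure look-alike; 1 allows a single typo-style change.
        if edit_distance(skeleton(domain), skeleton(real)) <= max_distance:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ["accounts@acme-metals.example",    # genuine supplier
                   "accounts@acrne-metals.example",   # rn for m
                   "billing@g1obal-paper.example",    # 1 for l
                   "info@unrelated-shop.example"]:    # no resemblance
        print(sender, "->", check_sender(sender))
```

A "lookalike" verdict is a signal to quarantine or hold the message for review; short supplier names will need a tolerance of zero to avoid false matches.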
This kind of attack is a double whammy, where both legitimate parties lose. The customer loses by still being liable for the original invoice, and the supplier loses if the customer fails to pay or is late in paying the original invoice. Then there is the loss of trust between the parties, and the cost of both parties investigating and remediating the issue.
We help you with a layered approach to this technique (and many others), but one of the most effective defences, in our experience, is to block new domains from sending you email.
How does the attacker know when to implement this kind of attack? Usually one of the parties has suffered a Business Email Compromise (BEC) where the attacker is already inside the mail system - we also help to prevent this from happening.
Prevention is ALWAYS cheaper than investigation and remediation (we know, because we do both).
Our email security suite (https://lnkd.in/dRR9RMYe) works seamlessly with self-hosted, M365, and Google Workspace to help prevent this, and many, many more attacks on your business.