Clever Look-Alike Domains
Cybercriminals range from incredibly stupid (like “Bill Gate”) to exceptionally clever. Just last week a woman contacted us about a job she was offered after a text-based interview process. She became increasingly suspicious that her new job wasn’t legitimate, and asked for our opinion. Of course it was another “advance check” scam disguised as a job offer. But what made this scam more interesting (and effective) was the fact that the criminals had created and used a domain that was a perfect compliment to a real business website. (We’ve published an article citing more than 175 real businesses used by these Nigerian scammers.)
The woman, whom we’ll call Zoe, had been invited to interview for a job with Cox Automotive Inc. Provided during the interview process was a pdf file titled “Pre-Job Briefing.” It included a logo for the company, as well as a link for the Cox Automotive website at coxautoinc.com. According to Google, Cox Automotive employs more than 30,000 people.
CAN YOU IDENTIFY SOMETHING IN THESE EMAILS THAT MAY SUGGEST THEY DO NOT REALLY REPRESENT COX AUTOMOTIVE INC?
We hope TDS readers noticed that these emails came from a domain that is similar to, but not the same as coxautoinc.com! The emails were sent from coxautoinc.careers. There is a SIGNIFICANT difference between these domains as you’ll see below. The real business domain was registered in the United States in 2014 to the company mentioned on their website as Autotrader. However, coxautoinc.careers was registered anonymously in Panama on December 14, 2020.
Making this fraud more difficult to see through is the fact that if you visit coxautoinc.careers, you’ll discover that you are redirected to the legitimate website for this business at coxautoinc.com.
After being hired by these scammers, Zoe received official documentation that included a legal-sounding document that detailed benefits and job responsibilities to be signed by her. The scammer, disguised as “David Orchid” had signed and dated the contract, revealing another tiny suspicious “tell” that something about the agreement was odd. In the US, people write a date as month, day, year such as 1/13/2021. But in the rest of the world it is written as day, month, year. “David Orchid” dated his offer letter of January 6 as 6/1/2021 instead of 1/6/2021. Zoe was also sent an “expense reimbursement agreement” in which the scammers set up the next step of this scam, sending a fake check and asking that Zoe use her REAL money to pay for things on behalf of the company after she deposits her check. The check will bounce, of course, long after Zoe has wired her hard-earned money to these criminals disguised as sellers of equipment Zoe is told she must buy.
It pays to be skeptical online and verify, verify, verify!
Daily Scam Home Page