Email identity theft

A domain name with no active website can still be extremely dangerous if it is used to send fraudulent e-mails. A third party who registers a domain name containing a trademark can create e-mail addresses on it (e.g. xxx@groupe-marque.com) and usurp the victim’s identity for malicious purposes.
E-mail identity theft combined with social engineering enables fraudsters to divert funds, fraudulently obtain merchandise or spread false information.

Change of bank details

In December 2016, the Chantelle lingerie group discovered that email addresses impersonating employees of its accounting department had been created on the groupe-chantelle.com domain name. These fake addresses were used to send emails to partners, using the pretext of a change in the group’s bank details to divert bank payments intended for Chantelle.

Chausson Matériaux, a French group in the building materials distribution sector, recovered the disputed domain name chausson-materiaux.com in August 2016 via an out-of-court procedure. The cybersquatter had used it in an email address to send an email to one of the company’s customers, with a view to diverting payments due to the company.

In July 2016, the Rexel energy group, listed on the French stock exchange, was warned by one of its customers that it had received emails from addresses of the form “[…]@rexel-groupe.com” asking it to change Rexel’s bank details.

Payment of false invoices

Bolloré, the French international transport, logistics and communications group, discovered that the domain name bollore.co, owned by a third party, was being used to send emails. These fraudulent e-mails, entitled “Facturas” (“invoices” in Spanish), requested payment by bank transfer of sums that were not owed. The emails were considered to have been sent in bad faith, and Bolloré recovered the domain name in May 2017.

In April 2017, the Swiss watchmaking group Swatch recovered two typosquatted domain names: sawtchgroup.com and zwatchgroup.com. They had been used to send fake emails to Swatch employees, impersonating one of the group’s executives. The e-mails requested urgent payment of funds.

A third party registered the domain name and used it to send e-mails to the accounting department of the Ricard spirits company, posing as the company’s executive director in India. These fraudulent e-mails requested payment of a false invoice (“Can we make payment for a due invoice today?”). The company recovered the disputed domain name through an out-of-court procedure in July 2016.

In spring 2017, a Rothschild contact received an email from @rothschild-am.com (AM for Asset Management) with the Rothschild logo and a link to the official Rothschild website. This fraudulent e-mail requested payment for a specific obligation. The recipient made the payment to the bank account indicated in the message. Some time after the transaction, he contacted Rothschild, suspecting that he had been the victim of a fraud.

Diversion of goods

Wine merchant Dulong Calvet discovered that a third party had used the email address “[…]@dulong-calvet.com” to contact its customers, pretending to be Dulong Calvet. The aim of this identity theft was to have numerous bottles of wine and champagne delivered without paying the corresponding invoices.

Spreading false information

On November 22, 2016, identity theft via a false press release reporting significant financial losses affected Vinci, leading to a dramatic 18% fall in its share price. The emails used to spread false information were constructed by associating VINCI with GROUP in domain names owned by third parties: vinci.group and vinci-group.com.

Collection of personal data

The lhotellerie-restauration.fr website puts recruiters and candidates in this field in touch with each other. Candidates’ CVs are grouped together in a CV library accessible to recruiters on a paid subscription basis. The domain name verification?lhotellerierestauration.com, containing the trademark HOTELLERIE RESTAURATION, was registered by a third party in July 2017. Using the disputed domain name, the cybersquatter created the email address “identite@verification?lhotellerierestauration.com”, from which he sends messages to candidates who have submitted their CVs to the online CV library and whose e-mail addresses he has fraudulently obtained. In this way, he attempts to obtain copies of official documents, identity papers and, more generally, the personal data of the recipients of these e-mails.
To perfect the deception, the swindler did not hesitate to falsely declare the victim’s brand name and address when registering the domain (see WhoIs), in order to allay the suspicions of Internet users who want to be sure of the origin of the e-mails they receive.

Brand Alert Solidnames enables companies to be alerted as soon as a domain name incorporating a brand name has been registered and has activated an e-mail service.

The SecURL Solidnames service alerts users to the activation of mail associated with a potentially litigious domain name.
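
The alerting idea described above (a newly registered domain that incorporates a brand name and has mail activated), sketched as an added Python example; it is not Solidnames' code. The brand labels, the two .example domains and all MX answers are constructed assumptions, and the one-edit typo check generalizes beyond the cases listed in the article.

```python
import re

# Brand labels to watch: assumptions derived from the names in the article.
BRANDS = ["chantelle", "rexel", "bollore", "swatchgroup", "vinci"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def brand_hit(domain, brands=BRANDS):
    """Return (brand, reason) when a '.'/'-' separated token is, or nearly is, a brand."""
    tokens = [t for t in re.split(r"[.-]", domain.lower()) if t]
    for brand in brands:
        if brand in tokens:
            return brand, "brand as token"
        if any(osa_distance(t, brand) == 1 for t in tokens):
            return brand, "one edit from brand"
    return None

def mail_enabled(mx_hosts):
    """True if some MX target exists that is not the RFC 7505 null MX '.'."""
    return any(h.rstrip(".") for h in mx_hosts)

def triage(feed, mx_records, owned=frozenset()):
    """'alert' = brand hit with mail activated, 'watch' = brand hit without mail."""
    out = {}
    for domain in feed:
        hit = None if domain in owned else brand_hit(domain)
        if hit:
            level = "alert" if mail_enabled(mx_records.get(domain, [])) else "watch"
            out[domain] = (level, *hit)
    return out

# Constructed input: first seven names are from the article; MX data is invented.
FEED = ["groupe-chantelle.com", "rexel-groupe.com", "bollore.co", "sawtchgroup.com",
        "zwatchgroup.com", "vinci.group", "vinci-group.com",
        "chantelle-parked.example", "vincent-garden.example"]
MX = {d: ["mail." + d] for d in FEED[:7]}
MX["chantelle-parked.example"] = ["."]  # null MX: registered, mail not activated
if __name__ == "__main__":
    print(*triage(FEED, MX).items(), sep="\n")
```

Domains the brand owner actually holds go in `owned` so they are not reported against themselves.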