Hi all,
Hi I am looking to pick the brains of the knowledgeable folks on these boards. The missus has a conveyancing firm and some of her clients have been targeted by scammers who are intercepting email chains between the missus conveyancing firm and her clients.
The scammers are sending the client fake emails purporting to be from her firm and trying to get clients to make payments to their bank instead.
Her firm uses a hosted outfit so security is all done at the hosted side and they say all their side is bulletproof. The hosted side have confirmed the scam emails have not come from the firms domain and they have SPF and DKIM configured on the hosting Domain and Exchange server.
The scammers are sending emails from addresses that are very slightly different from the firms emails and some clients are not picking this difference up. It’s a classic APP scam and we have warnings etc all over letters and emails to the clients.
I have contacted the registrar owner for the Domain of the most commonly used fake email but they don't give a toss.
As this has happened a number of times now she needs to get a cyber security firm to investigate. The regulators are saying that somehow the firms emails must be being intercepted and we are now under pressure to investigate this.
Does anyone have any theories about how the scammers are intercepting these email chains or can advise of any cyber security firms who would could investigate this?
Grateful for any help, we are desperate!
Hi I am looking to pick the brains of the knowledgeable folks on these boards. The missus has a conveyancing firm and some of her clients have been targeted by scammers who are intercepting email chains between the missus conveyancing firm and her clients.
The scammers are sending the client fake emails purporting to be from her firm and trying to get clients to make payments to their bank instead.
Her firm uses a hosted outfit so security is all done at the hosted side and they say all their side is bulletproof. The hosted side have confirmed the scam emails have not come from the firms domain and they have SPF and DKIM configured on the hosting Domain and Exchange server.
The scammers are sending emails from addresses that are very slightly different from the firms emails and some clients are not picking this difference up. It’s a classic APP scam and we have warnings etc all over letters and emails to the clients.
I have contacted the registrar owner for the Domain of the most commonly used fake email but they don't give a toss.
As this has happened a number of times now she needs to get a cyber security firm to investigate. The regulators are saying that somehow the firms emails must be being intercepted and we are now under pressure to investigate this.
Does anyone have any theories about how the scammers are intercepting these email chains or can advise of any cyber security firms who would could investigate this?
Grateful for any help, we are desperate!