Bogus domain names and spoofed emails result in a hacker stealing $1 million.
Vice reported on a man-in-the-middle attack in which a Chinese hacker was able to steal $1 million from a Chinese VC and an Israeli startup.
From the article:
After seeing the original email thread announcing the upcoming multi-million dollar seeding fund, the hacker took action. Instead of monitoring subsequent emails by creating an auto forwarding rule (standard practice in traditional attacks), the hacker started by creating two lookalike domains.
“The first domain was essentially the same as the Israeli startup domain, but with an additional ‘s’ added to the end of the domain name,” Check Point said. “The second domain closely resembled that of the Chinese VC company, but once again added an ‘s’ to the end of the domain name.”
Read the full article on Vice to see the whole scam and what the researchers recommend all companies do to avoid this happening.
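A defender-side check for the lookalike pattern quoted above (a trusted domain with one extra character on the end of its name), generalised here to any single-character edit. This is an added example, not taken from the Vice article or Check Point; the domain names and the `classify_sender` helper are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed placeholder domains, not the ones involved in the incident.
TRUSTED_DOMAINS = {"startup-example.com", "vc-example.cn"}


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Extract the lower-cased domain from 'Name <user@domain>' or 'user@domain'."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].strip().rstrip(".").lower()


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain) for a From/Reply-To address."""
    domain = sender_domain(address)
    if domain in trusted:
        return ("trusted", domain)
    d_name, _, d_suffix = domain.partition(".")
    for good in sorted(trusted):
        name, _, suffix = good.partition(".")
        # The pattern from the article: same suffix, one character appended.
        if d_suffix == suffix and len(d_name) == len(name) + 1 and d_name.startswith(name):
            return ("lookalike-appended", good)
        # Generalisation: any other single-character difference.
        if edit_distance(domain, good) <= 1:
            return ("lookalike-edit", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("ceo@startup-example.com",
                   "CEO <ceo@startup-examples.com>",
                   "partner@vc-examples.cn",
                   "billing@unrelated.org"):
        print(sender, "->", classify_sender(sender))
```

A mail gateway rule or a finance-team checklist can apply the same comparison to Reply-To and CC addresses whenever payment details change mid-thread.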
Hat tip to Don Gondon