I was alerted by an employee in my company that they had received a message that appeared to come from our CEO asking that money be wired to a bank account. Fortunately, the employee noticed that the domain name in the email address being used was 1 letter off from our official domain name and notified IT.
I took action by using Network Tools to find the registrar of the domain. I then contacted the registrar’s abuse department via email and included all the evidence of the domain name being used to scam our company. I also added the scam domain to our block list in Office 365. Fortunately, the registrar immediately revoked the domain.
This event underscores how important it is to train users to watch for scams and phishing attempts.