Domain spoofing

IMPERSONATION FRAUD and DOMAIN SPOOFING

 

1.- We have detected an increase in the number of incidents of persons or groups attempting to commit cyber and telephone scams by fraudulently pretending to be a HIMOINSA employee in an email or by making a fraudulent phone call using a disguised (spoofed) phone number that appears to be a legitimate HIMOINSA phone number. The following techniques have been observed in these attempts.  

 

Methods
*A person pretending to be a HIMOINSA employee (speaking Spanish or English) makes a telephone call using a disguised (spoofed) telephone number that appears to be a legitimate Himoinsa phone number to request an urgent transfer of funds.

 

*An email with our email domain (@himoinsa.com) in the senders address requesting an urgent transfer of funds is sent by someone claiming to be a HIMOINSA employee. (If you attempt to reply to this email, a different email address appears in the recipient line.)

 

*An email with our email domain (@himoinsa.com) in the senders address is sent by someone claiming to be a HIMOINSA employee and contains a fraudulent invoice and new bank account information for making payments.

*An email is sent from a free email service that includes “himoinsa” or a similar character string in the address (examples: @himoinsacorporation.com, @himoinsagroup.com, etc) requesting the recipient to click a link in the email text or in an attached file that will download a suspicious file to the recipient’s computer.

 

Please be advised that suspicious telephone calls and emails such as these are fraudulent and have absolutely no connection with HIMOINSA. We therefore ask that you exercise utmost caution in dealing with them.


Additionally, we ask that you take the following steps to prevent damages in the event of receiving a fraudulent email or telephone call.

 

2.-  Main Protective Measures


If you receive a phone call or email purporting to be from a HIMOINSA employee requesting a transfer of funds, do not reply or comply at that time, and instead contact HIMOINSA through official channels to verify the request.


If you receive an email purporting to be from a HIMOINSA  employee requesting you to update bank account information for making payments, contact HIMOINSA by a means other than email such as by phone to verify the request.


If you receive a suspicious email, delete it immediately from your inbox and do not click any links contained in the email text or any attached files.

 

3.- Fraudsters can set up website domain names which are confusingly similar to real domains, in order to try to fool clients into thinking they are corresponding with a genuine email address. Himoinsa has seen numerous variations of our own @himoinsa.com email addresses including the following:

 

•himolinsa.com

•himoisa.com

•hiimolnsa.com

•himoinsadmon.com

•himoinsapay.com

 

Himoinsa takes the security of its clients’ data seriously and our systems are set up to hold your data securely in line with physical, technical and administrative security measures. We adopt industry best practices wherever possible, regularly review our security procedures, and also provide mandatory and regular staff training in order to protect against phishing or similar attacks which could lead to such data leaks.

 

However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk. We therefore recommend the following precautions when corresponding with Himoinsa, and in particular when being asked for confidential or personal information, or when dealing with any payment requests:

 

 

PRECAUTIONS

 

A. Always verify the sending address and make sure it says Himoinsa.com in the address and the headers of the email.

 

B. Ensure that any matter number or reference quoted corresponds with what is expected or has been known/verified in the past.

 

C. Check the full invoice calculation to ensure accuracy of charges, as figures in these fake invoices are often miscalculated.

 

D. Confirm that logos / branding is consistent with previous correspondence.

 

E. Check to ensure that the bank details are correct.  Any changes to our bank details would always be officially communicated to you rather than simply changed on an invoice.

 

F. Be alert to any change in style or tone of an email.  If it seems out of character or inconsistent with the style or language of prior emails,  this may be an indication that the sender is someone other than the person you are accustomed to dealing with.

 

G. If unsure, always call Himoinsa (at a known/confirmed number) for verification/assistance. Don’t simply use unvalidated phone numbers provided on the invoice, as those often ring to fraudulent phone systems where they’ll falsely validate bad account information.

 

If you suspect that you have received fraudulent correspondence related to Himoinsa, please notify us via email at  email-abuse@himoinsa.com. Fraudulent correspondence can also be reported to your email or telephone provider, the local Consumer Protection authorities and Police agencies.

29-July-2021