A $400m Typosquat Fraud Affecting BlackRock Private Credit 

Cybercriminals don’t always need complex malware or zero-day exploits to succeed — sometimes, all they need is a typo. A simple variation in a domain name can be the difference between a legitimate business communication and a fraudulent one that costs millions.   

In a high-profile example covered by MSN/WSJ, BlackRock was allegedly fooled by fake invoices created by a firm owned by Bankim Brahmbhatt, an Indian-origin telecom executive, on a domain nearly identical to that of a real business — differing by just a tiny typo. The fraud probe began after BlackRock’s private credit affiliate, HPS Investment Partners, alleged that more than $400 million in loans provided to a group of telecom firms associated with Mr. Brahmbhatt were backed by fake receivables. The event underscores a larger point: typosquatting is a powerful tool for cyber fraud.

What Is Typosquatting

Typosquatting is a form of domain deception where attackers register misspelled or visually deceptive domains that look like real ones.  

Even seasoned professionals can miss these slight differences when reviewing emails or documents, especially under time pressure.   

These fake domains are foundational to many phishing, business email compromise (BEC), and invoice fraud scams because they exploit human trust and familiarity. 

How Typosquatting Plays into Cyber Fraud

Here’s how a simple typo can become a sophisticated fraud vector:

  1. Trust Exploitation: Typosquatting sites mirror a trusted domain’s branding and structure. When someone sees an invoice come from a familiar name — even with a tiny variation — they may assume legitimacy without verifying the URL.   
  2. Impersonation for Financial Gain: Cybercriminals use typosquatting domains to impersonate real companies, vendors, or partners. They send fraudulent documents or payment requests designed to trigger financial action — like authorizing payments or releasing funds.  
  3. Foundation for Wire Fraud: Once trust is established, attackers often escalate to wire fraud — where victims are tricked into electronically transferring large sums to fraudulent accounts. Asset managers and finance teams are particularly vulnerable because:
       • Transactions are high value,
       • Documentation typically comes via email,
       • Domain typos can easily slip past cursory checks.


In other words, the same technique that fools people into clicking phishing links also makes fraudulent financial communications appear “safe.”
 

Why Asset Managers Are at Risk

Asset management teams face unique exposure: 

  • Complex approval processes: Large transfers typically require fewer checkpoints once certain authenticity assumptions are made. 
  • Established trust networks: If a vendor or partner “looks” familiar, teams may skip reverse verification. 
  • Volume of digital communication: High volumes of email, invoice, and client interactions create opportunities for attackers to blend in. 
  • Portfolio acquisitions: Portfolio company acquisitions represent significant financial risk to private equity because these purchases are usually ‘one-off’ transactions. The wire instructions often come from the deal team, an unknown entity (often overseas), or more likely a combination of the two, which can make verifying the instructions very difficult. In one instance, BW Cyber prevented a $100m wire fraud just 3 days prior to the closing of the deal.

Cyber Insurance Usually Does Not Mitigate the Risk

Due to the prevalence of wire fraud (referred to as “Social Engineering” in most cyber insurance policies), most cybersecurity insurance policies sublimit coverage of “Social Engineering” to no more than $250k, regardless of the size of the policy. Moreover, most policies specifically do not include pooled assets in this coverage. This means that asset managers who manage and invest customer funds via a pooled vehicle (think hedge, PE, etc.) do not have any insurance coverage for losses associated with client fund transfers (e.g., disbursements, redemptions, PortCo transactions, etc.).

Final Thoughts

When fraudsters use look-alike domains to impersonate trusted businesses, they’re not just stealing credentials — they’re weaponizing trust against some of the most sophisticated teams in finance. 

Asset managers need to recognize that every character in a domain counts — and a missed typo might be the costliest mistake of all. 

Contact BW Cyber to strengthen your cybersecurity posture — before a simple typo becomes a costly incident.