ZOHO Letting Fraudsters Use Their Web and Email Services
We have been an e-retailer for 12 years as of 2018. The uptick in fraud transactions for the last 5 years is unprecedented. We have seen all kinds of fraud requests and tried to inform other ecommerce businesses through our Fraudulent Customers - Ecommerce Awareness article. As you may see, we have exposed tens of fraudsters trying to get away from e-commerce companies like.
In recent months, we have seen a different kind of attack. These fraudsters are registering domain names with a typo of the original domain name then point these domains to Zoho.com servers. They use Zoho Mail servers and web servers to create fake websites as well as email accounts to email us. I personally called Zoho headquarters and left voicemails. They never returned our calls thus I decided to share this with you so you know what is going on behind the scenes.
I would like to share one example that took place this morning. Fraudsters using a company called The Dow Chemical Company. We received an email from a domain name dowschemicals.com as you can read it below. If you only go off of what they say in the email, everything looks legit.
First thing we do is to search the company name in search engine. It turns out the company's real domain name is dow.com and not dowschemicals.com
Now comes the fun part. You pull up their website. You come to see the beautiful colors of Zoho logo. We have seen domains after domains being registered and pointed at Zoho.com. Zoho is their popular destination and that is for a reason. Zoho is letting these fraudsters use their own email servers as web mail. When you look at the headers of their email, you can trace it back to Zoho Email servers but you can not go beyond.