Most Popular Domain Scams, Part II



Don’t fall for it! Even if you don’t believe your domains are valuable, a breach in one account’s security could easily bleed into your other online accounts. You can read about more specific prevention methodologies in my previous article on protecting your domains and sensitive data.

In the first part of this series I covered the most prominent domain appraisal scam in depth, since it is so prevalent. This second part covers the more generic, but potentially equally devastating, email phishing scams.

There’s been a flurry of email phishing scams over the last week disguised as registrar abuse alerts, but in the past they’ve also posed as WHOIS security notices, unpaid invoice updates, and more. Read on for more information on how to spot these scam attempts, how to report them, and what basic safeguards to implement.

Here’s the scam breakdown

  1. You’ll receive an email from what appears to be your domain’s housing registrar. The email will alert you of an action that you need to take in order to keep your domain safe. It will prompt you to click on a link, reply with personal account information, or download a file.
  2. Downloading these malware-infected files, replying with the requested sensitive info, or entering your account credentials into a copycat site page will leave you vulnerable.
  3. The end result will be varied. Your domains will be stolen, your personal information sold, or accounts with similar information will be compromised for further theft.

Examples

As we advance in detecting scammers, so too will their attempts become more sophisticated. We can’t always rely on spotting suspicious email addresses, typos, grammatical errors, and introductory general addresses like “To Whom It May Concern” as red flags.

Here’s an example of a phishing email that Elliot Silver over at DomainInvesting.com recently wrote about:

“(Subject: Domain [redacted.COM] Suspension Notice

Dear Sir/Madam,

The following domain names have been suspended for violation of the ENOM, INC. Abuse Policy:
Domain Name: [redacted.COM]
Registrar: ENOM, INC.
Registrant Name: DOMAIN ADMINISTRATOR

Multiple warnings were sent by ENOM, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us by email at mailto:abuse@enom.com for additional information regarding this notification.

Sincerely,
ENOM, INC.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101”

 

This email scam disguised itself as a GoDaddy security alert and was reported by a NamePros member:

“Confirm Your Identify.

An unknown user was trying to login your GoDaddy account with an incorrect password on Monday 12 January, 2015 07:12 GMT, and with an unknown DNS IP Location:

(United States) IP=[retracted], as a result of that we partially blocked your GoDaddy accounts due to major security protocols.

Kindly visit our GoDaddy account Re-Activation Center Click here: [retracted]

We are sincerely sorry for any inconvenience.

GoDaddy Customer Support.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (c) 1999-2015 GoDaddy.com, LLC. All rights reserved.”


Here’s another that some have received in the past:

“Dear Valued GoDaddy

Your GoDaddy service(s) shown below has been suspended because some of the purchases on your account remain unpaid. For a limited time, however, the services will continue to be registered to you even while disabled .

Account Holder: [retracted]

The following nsWebAddress™ are in this account : [retracted]

Please make payment immediately upon receipt of this notification, or the nsWebAddress™(es) listed above will be deleted from your account and we may, in accordance with our service agreement, attempt to renew and transfer the nsWebAddress™ listed above to a third party on your behalf. This notice has been sent to both the Primary Contact and Registrant assigned for these services.

To make payment and reinstate your services, please Follow the reference below: [retracted]

Thanks for your co-operation.

GoDaddy Customer Support.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (c) 1999-2015 GoDaddy.com, LLC. All rights reserved.”

How to protect yourself

Joe Styler from GoDaddy recently wrote a great article outlining how to protect your domains in detail, but I’ll also summarize some basic advice here:

  1. Use a different admin account email address than the one in your public WHOIS contact details
  2. Enable two-factor authentication where it’s available
  3. Check the authenticity of hyperlinks by hovering over their text first to see if they direct you to a legitimate site
  4. Always navigate to your registrar’s default homepage if you’re going to log into your account
  5. Make sure your computer and its antivirus software are always up-to-date

What you can do about it

  1. Comment on this article with the email address and message of any scam attempts you’ve received.
  2. Post a warning on NamePros with the same information alerting the domain community of the scam.
  3. Report it to a major domain industry blog so they may alert the public.
  4. Send a message to the abuse contact email of the perpetrating domain’s registrar, found in its WHOIS info.
  5. Mark the message as spam in your email client.

Halloween is almost upon us. As trick-or-treaters go door to door in masks, so do we receive emails appearing to be things they are not. As always, it’s imperative that we shine a light on these “tricks.” It’s nearly impossible to catch some of these thieves, but the least we can do is make their job as difficult as possible by taking off their masks.

Stay vigilant and tune in next time for part III of this series.

2 comments

  • Joe Styler October 29, 2015, 5:13 pm

    Great article to help people keep their names safe. Thanks for the shout out.

  • Ruben October 30, 2015, 7:39 am

    Great article!!

