Home / Blogs

Domain Slammers Go Phishing

By Paul Holmes

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people—and creates a whole lot of confusion for registrants. But that was a problem we could deal with.

Fast-forward to October, 2008. It seems domain slammers have clued into the confusion, teamed up with phishers (or have become phishers themselves) and are now sending out fake notices of their own. But instead of checking Whois, these ones are a little more serious and ask people to “login” at the (fake) link provided. Can you see what comes next?

I have already received one from a fake Network Solutions and one from a fake eNon, both starting yesterday—nicely corresponding with the “real” release of the reminders that Network Solutions has already been sending clients.

I think it might be wise for targeted registrars to take reasonable steps to inform registrants of this scam, but more importantly, I think it might be wise for ICANN to rethink this whole idea.

Example 1

Dear Network Solutions Customer,

We recently notified you that the registration period for your Network Solutions domain name had expired. As a benefit of having previously registered a domain name(s) with Network Solutions, you are eligible to receive a percentage of the net proceeds that were generated from the renewal and transfer of the domain name you chose not to renew. Since you have chosen not to renew the domain name listed below during the applicable grace period, we were successful in securing a backorder for this domain name on your behalf and it has been transferred to another party in accordance with the Service Agreement.

Renew your domain now - http://www.networksolutions.com (not the real link)

You must click on the following link, enter your domain name, and confirm your contact information in order to claim these funds. If your contact information is not correct, you must enter Account Manager and make the appropriate changes prior to clicking “submit” from the confirmation screen. If you do not do this, you will be confirming inaccurate information and will not receive any payment. Checks will only be made payable and mailed to the Account Holder of record.

Sincerely,

Network Solutions® Customer Support

Example 2

Dear user,

On Wed, 29 Oct 2008 22:26:54 +0600 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Wed, 29 Oct 2008 22:26:54 +0600 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION - http://www.enom.com

Thank you,
Domain Services

[IncidentID:37069]

 

By Paul Holmes

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

View All Topics