Beware of a global domain name phishing email attack


  • Beware of a global domain name phishing email attack

    We have received a number of complaints from customers about a phishing email, which pretends to be sent by us – LiquidNet Ltd., by eNom, or by another legitimate domain registrar. Global phishing attacks are common nowadays. However, this particular one goes one step further, stirring confusion by including a specific domain name that is owned by the given recipient, rather than some random content.

    What is the phishing email about?

    Here is what a phishing email like this looks like:

    The accurate domain owner information, coupled with the sense of urgency created by the phishers themselves, has caught many users off guard and has prompted them to click on links, which lead to virus-infected websites.
    Fortunately, many of the companies hosting the phishing sites have been notified and the harmful pages have been suspended. However, this does not exclude the possibility that other infected pages may still be circulating around.
    What should you do when you receive such an email?

    First and foremost:
    A quick way to verify if the email sender in the header is authentic is to always hover over the link itself to see where it’s going.
    In those emails, the sender’s address has been replaced by a legitimate one, but you can easily tell whether the message has come from a notorious phishing location like China.
    Here is an example of what a phishing email’s Return-Path header would look like:
    Received: from
    Mobile phone users can press and hold the link to see the full URL.
    If you are still in doubt, forward any emails you are unsure of to and we will reply back shortly.

  • #2
    I purchased a new domain name two days ago. Within hours of registering it I started to get spam and scam emails.

    Most of them were touting for business wanting to register the site with search engines and help me with SEO. But one of the emails was a "DOMAIN SERVICE NOTICE" and marked as urgent. It was basically making out that the domain purchase had not been successful and I needed to act immediately to secure it. They wanted more money, I think it was in the region of $99 to renew and secure the domain I registered! Needless to say the email was deleted and the entire IP range the email was sent from blocked via iptables.

    But I can't help but think that a new customer would not be so wary and I can see how people would fall for this. Is there anything we can do to prevent these emails? How are they getting the email address in the first place, via the WhoIs system?


    • #3
      hi-i receive the 'domain service notice' type of emails as well. there have been a lot of articles in the various domain name forums regarding what can be done and the bottom line is basically nothing. you will never stop a hacker and you will never stop a phisher. sources for the email address of a registered domain name owner always lead to denial of companies that they are not selling customers information. i did want to include a phishing email i received yesterday. if you're a domain name owner the following phishing email does exactly what they want it to do which is to get your attention immediately: (registrar info has been placed with ***xx)

      Dear Sir/Madam,

      The following domain names have been suspended for violation of the ******, Inc. DBA ****** Abuse Policy:

      Domain Name: ***
      Registrar: ******, Inc. DBA ******.com
      Registrant Name: *********

      Multiple warnings were sent by ******, Inc. DBA ****** Spam and Abuse Department to give you an opportunity to address the complaints we have received.

      We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

      We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

      Click here and download a copy of complaints we have received.

      Please contact us for additional information regarding this notification.

      ******, Inc. DBA ******.com
      Spam and Abuse Department
      Abuse Department Hotline: ***-***x-***x


      definitely got my attention. thanks


      • #4
        Could we as resellers use our details on the WhoIs details section? For example, replace the emails with Both resellers and RSP will know the customer's real email address should they need to be contacted. This would protect our clients/customers from receiving these spam emails and also give us a chance to get our brand out there.

        For example:

        Registrant Name: Customer c/o
        Registrant Organization: c/o
        Registrant Street: 7 Anywhere Street
        Registrant City: The big apple
        Registrant State/Province: NY
        Registrant Postal Code: 1000
        Registrant Country: US
        Registrant Phone: +1.555-123-1234
        Registrant Phone Ext:
        Registrant Fax:
        Registrant Fax Ext:
        Registrant Email:

        Any thoughts?


        • #5
          I got half a dozen spam emails today, offering free logos to SEO. How do they know the domain was just registered, there must be a rogue company with access to the registry who is selling the details of all new registrations?


          • #6
            You deff. don't want that. We are receiving a regular supply of court orders and legal inquiries when a domain name with whois protection starts selling fake pills and such. If it's your brand there you will be held responsible for that which trust me you don't want! Besides whois protection service actually sends the e-mails to the registrant anyway lol
            I can't seem to reply directly to your comment above. But as I vet my customers and the domains they register, I can't see a problem for myself. For me, protecting my customers from these emails is more important, as a lot of them have no idea and will probably click on the links and engage with the scammer/phisher.

            It also looks bad from my customers' point of view, they don't understand that WhoIs servers are public and they provided me with their personal details in order to register the domain. As far as they are concerned it's me who is leaking the data and giving their details to criminals trying to relieve them of hard earned money.


            • #7
              Clivejo, while I can certainly understand your frustration with these spammers/phishers and wanting to protect your clients I believe Yav is right.

              As yav0r said it's really something we don't want to mess with and not something we want to give any courts leverage to go after us or our brand because of the actions of others.

              The best thing to do is try and educate your customers as much as possible in blog posts and possibly include a welcome email that warns your new customers that whois info is not private and even if you order privacy protection you may still get these phishing emails. Educating our clients is the best way to combat it. Also I would ensure that protections are properly worded in our sites' "terms" for domain registration that mentions these potential phishing emails and holds RSP and us/our brands harmless.

              Speaking of privacy protection services, it's probably not the best time to ask, but I wish RSP would negotiate more competitive pricing for us resellers. I don't know if there is any wiggle room, but 9 dollars as the minimum price makes it difficult to compete with other sites right now offering it for as low as 6 dollars or even 4 dollars per year.


              • #8
                Truth be told I'm a bit on edge with scammers and phishers at the moment. There has been lots of media attention here since a large telecoms company in the UK was hacked and customers' details were stolen. Some of my family have been affected by it and are receiving phone calls from phishers looking for more information so they can steal money from accounts. I've had to help out by basically locking down accounts all over the internet. The best way to combat these bar-stewards is to not let them have your data in the first place!


                • #9
                  Yav, I very much agree. I'm the same way. If everyone would just do the same it would greatly help the situation. Fewer people for hackers to exploit would maybe eventually cut down on the overall phishing attempts.