Attention Webmasters: Fake Domain Renewal Emails Spotted
I have a lot of domains. Well, a lot is relative but it is enough to lose the overview occasionally. While the majority is hosted at one popular provider (Godaddy), some are hosted at other domain registrars and web hosting companies. I get regular automated emails from those companies. They tell me that a domain name is expiring for instance.
Imagine my surprise when I received a new email today from a company that I never worked with before. The email was send by [email protected] and was send via secureserver.net, a Godaddy owned company IIRC.
FWD: Attention: MARTINBRINKMANN.com Expiring Soon
Notice of Expiration
Domain Name: MARTINBRINKMANN.COM
Bill To: Invoice # 1304452910
Invoice Date May 3, 2011
Essen, NR Terms Net 14
45130 - US Due Date May 18, 2011
Domain Name Registration Price Term
MARTINBRINKMANN.COM May 3, 2011 - May 3, 2012 $75.00 1 Year
This solicitation is to inform you that it's time to send in your search engine registration for MARTINBRINKMANN.COM. DRS is a submission service and search engine ranking firm.
Failure to complete your search engine registration by May 18, 2011 may result in the cancellation of this offer (making it difficult for your customers to locate you using search engines on the web).
Your registration includes search engine submission for MARTINBRINKMANN.COM for 1 year. You are under no obligation to pay the amount stated above unless you accept this offer by May 18, 2011. This notice is not an invoice. It is a courtesy reminder to register MARTINBRINKMANN.COM for search engine listing so that your customers can locate you on the web.
This Offer for MARTINBRINKMANN.COM will expire on May 18, 2011. Act today!
For Domain Name:
All links in the email pointed to http://domainrenereg.com/. A few aspects of that email were suspicious:
- I was not addressed personally
- The price for a one year renewal was way to high ($75)
- The domain was set to expire on May 3, 2011 but I did not receive renewal emails before.
- The domain was paid for until 2013 and not 2011
I was curious and visited the site anyway. I knew that I was protected from harm by NoScript, so no worries there. The page looked like this
Notice anything in particular? Right, there is no account login on the page. All you can do is to enter your credit card data on the first page. That page was obviously phishing for credit card information.
This is the first time that I have received such an email. It looks and feels very amateurish to me. Having said that, it is likely that the attackers will tune the emails in the future, for instance by only writing to domain owners whose domains are really expiring.
Use this as a word of caution. If you receive such emails submit them to your domain registrar so that their legal department can take care of it.
As a side note. I'm currently working on a domain management tool which webmasters and companies can use to manage all their domains and web properties. If you are interested to hear more about it let me know.Advertisement