Attention Webmasters: Fake Domain Renewal Emails Spotted
I have a lot of domains. Well, a lot is relative, but it is enough to lose track of them occasionally. While the majority is hosted at one popular provider (GoDaddy), some are hosted at other domain registrars and web hosting companies. I get regular automated emails from those companies. They tell me, for instance, that a domain name is expiring.
Imagine my surprise when I received a new email today from a company that I never worked with before. The email was sent by [email protected] and was sent via secureserver.net, a GoDaddy-owned company IIRC.
It reads:
FWD: Attention: MARTINBRINKMANN.com Expiring Soon
Notice of Expiration
Domain Name: MARTINBRINKMANN.COM
Bill To: Essen, NR 45130 - US
Invoice #: 1304452910
Invoice Date: May 3, 2011
Terms: Net 14
Due Date: May 18, 2011
P.O. #:
ONLINE SECURITY
Domain Name Registration Price Term
MARTINBRINKMANN.COM May 3, 2011 - May 3, 2012 $75.00 1 Year
Attention:
This solicitation is to inform you that it's time to send in your search engine registration for MARTINBRINKMANN.COM. DRS is a submission service and search engine ranking firm.
Failure to complete your search engine registration by May 18, 2011 may result in the cancellation of this offer (making it difficult for your customers to locate you using search engines on the web).
Your registration includes search engine submission for MARTINBRINKMANN.COM for 1 year. You are under no obligation to pay the amount stated above unless you accept this offer by May 18, 2011. This notice is not an invoice. It is a courtesy reminder to register MARTINBRINKMANN.COM for search engine listing so that your customers can locate you on the web.
This Offer for MARTINBRINKMANN.COM will expire on May 18, 2011. Act today!
For Domain Name:
MARTINBRINKMANN.COM
ONLINE SECURITY
unsubscribe
All links in the email pointed to http://domainrenereg.com/. A few aspects of that email were suspicious:
- I was not addressed personally
- The price for a one year renewal was way too high ($75)
- The domain was set to expire on May 3, 2011 but I had not received any renewal emails before.
- The domain was paid for until 2013 and not 2011
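The checks from the list above that can be automated, plus the link host, as an added example that is not part of the original post: a Python function compares a notice against the owner's own domain records. The registrar host, the price ceiling, the owner name argument and the trimmed sample notice are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed inventory. The paid-until year comes from the post; the
# registrar host and price ceiling are assumptions for illustration.
INVENTORY = {
    "martinbrinkmann.com": {
        "paid_until_year": 2013,
        "registrar_hosts": {"godaddy.com"},
        "max_expected_price": 20.00,
    },
}

# Constructed sample: a few lines trimmed from the notice quoted in the post.
SAMPLE = """Notice of Expiration
Domain Name: MARTINBRINKMANN.COM
MARTINBRINKMANN.COM May 3, 2011 - May 3, 2012 $75.00 1 Year
This Offer for MARTINBRINKMANN.COM will expire on May 18, 2011. Act today!
http://domainrenereg.com/
"""

def check_notice(body, owner_name, inventory=INVENTORY):
    """Return the reasons a renewal notice disagrees with the owner's records."""
    m = re.search(r"Domain Name:\s*(\S+)", body, re.I)
    record = inventory.get(m.group(1).lower()) if m else None
    if record is None:
        return ["domain not in inventory"]
    reasons = []
    if owner_name.lower() not in body.lower():
        reasons.append("not addressed personally")
    price = re.search(r"\$(\d+(?:\.\d{2})?)", body)
    if price and float(price.group(1)) > record["max_expected_price"]:
        reasons.append("price above expected renewal price")
    # Start year of the term being billed, e.g. "May 3, 2011 - May 3, 2012".
    term = re.search(r"[A-Z][a-z]+ \d{1,2}, (\d{4}) - ", body)
    if term and int(term.group(1)) < record["paid_until_year"]:
        reasons.append("billed term starts before paid-until year")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h)
                   for h in record["registrar_hosts"]):
            reasons.append("link to non-registrar host: " + host)
    return reasons

if __name__ == "__main__":
    for reason in check_notice(SAMPLE, "Martin Brinkmann"):
        print(reason)
```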
I was curious and visited the site anyway. I knew that I was protected from harm by NoScript, so no worries there. The page looked like this
Notice anything in particular? Right, there is no account login on the page. All you can do is to enter your credit card data on the first page. That page was obviously phishing for credit card information.
This is the first time that I have received such an email. It looks and feels very amateurish to me. Having said that, it is likely that the attackers will tune the emails in the future, for instance by only writing to domain owners whose domains are really expiring.
Use this as a word of caution. If you receive such emails, submit them to your domain registrar so that their legal department can take care of it.
As a side note, I'm currently working on a domain management tool which webmasters and companies can use to manage all their domains and web properties. If you are interested in hearing more about it, let me know.
Got one much the same as that myself for one of several/many domains I look after.
It’s a pretty good job too as these things go. However, it stuck out for me too for much the same reason as you mention (a) not from one of the small number of companies who look after my domains (b) price.
Undoubtedly it will catch out the unwary though.
It’s an obvious phishing scam, especially when you read what it’s for – search engine registration – not domain name registration.
It is nevertheless linking domains to their rightful owners. But good eyes you got, that the money you pay for is not for the domain renewal.
If this is your first phishing on domain registration you have been lucky I guess. I get about one a month. The highest attempted registration fee I’ve run into is $125 / yr or a real discount of $200 for 2 years :)
Fortunately I have all of the domains on a host that provides the registration dates etc. with auto-renews, so I know whatever I get via email is not real.
I got this as well except that it has all my personal information connected to my account. Don’t know how they got this information.
Probably from the whois information.
Yup…just received one of these today. The tip off? The over-inflated renewal amount!
Was about to “reply” regarding the new rate, when it hit me, somethin’ ain’t right here. Their email address was fishy, looked it up, found it was associated with “cashparking.com”…you can read the “who-is” on this one.
Thanks for your boards as well, for further info.
DLR
Yeah – I’ve just had this too. If they wanted my credit card details they could have been smart enough to guess approximately how much I expect to pay for “search engine registration”. NOT 75$! God bless the idiots of this world! Seriously though, we need to watch out for these guys getting smarter as has been pointed out. Hey – it wouldn’t be difficult!
Hi – just had the same email. A number of things stood out that made it suspect. The subject line started with *Re: * for a start! Some poor sentence structure, along with the fact that my webhosting company was not listed anywhere made it easy to spot the fake, but I’m sure it would be successful with some. Very sneaky!
FYI – I found this site just by googling the subject line – so great stuff!
Cheers, A
Thanks for the heads up. FBed it to all I know, and our company is notifying our clients.
I found this article because a client of mine asked about their domain.
Thanks again,
M!ck
Ricepirate
this is the website –
http://comregistrat.com/order/1BM1apH8aBwzCc7Z_YC4lg%3D%3D
here is the owner of the site – i am going to call the police in beverly hills to get this idiot.
this is a bogus link for a scam
http://sportbullet.com/b3d238/index.html
it has been used as a phishing scam to get businesses to click, for fear that the BBB has a complaint on them. it poses as coming from the BBB, but it has nothing to do with the BBB or the BBB complaints. The BBB does not send complaints by email.