Latest news of the domain name industry

Recent Posts

Registrars warn of huge domain suspension scam

Kevin Murphy, October 28, 2015, 10:45:00 (UTC), Domain Registrars

Customers of at least half a dozen large registrars been targeted by an email malware attack that exploits confusion about takedown policies.
The fake suspension notices have been spammed to email addresses culled from Whois and are tailored to the registrar of record and the targeted domain name.
Customers of registrars including eNom, Web.com, Moniker, easyDNS, NameBright, Dynadot and Melbourne IT are among those definitely affected. I suspect it’s much more widespread.
The emails reportedly look like this:

Dear Sir/Madam,
The following domain names have been suspended for violation of the easyDNS Technologies, Inc. Abuse Policy:
Domain Name: DOMAIN.COM
Registrar: easyDNS Technologies, Inc.
Registrant Name: Domain Owner
Multiple warnings were sent by easyDNS Technologies, Inc. Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us by email at mailto:abuse@easydns.com for additional information regarding this notification.
Sincerely,
easyDNS Technologies, Inc.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101

The “click here” invitation leads to a downloadable file, presumably containing malware.
Of course, the best way to check whether your domain name has been genuinely suspended or not is to use it — visit its web site, use its email, etc.
As domain suspensions become more regularly occurrences, due to ICANN policies on Whois accuracy for one reason, we can only expect more scams like these.



Tagged: , , ,

Comments (3)

  1. Dan Rodgers says:

    This isn’t just a few registrar, it appears it might be the entire .COM zone.
    I’ve seen these emails come from PDR, Tucows and Paragon Internet Group Ltd too – It doesn’t appear to be targeted to registrars, just all .COM’s.

  2. This has been going on for years. ICANN simply lets it hang out there. The only people to whom ICANN is responsive on this topic are those who believe registrants should be more readily subjected to these kinds of shakedowns.
    http://www.circleid.com/posts/20120719_a_confession_about_icann_whois_data_reminder_policy/
    “The policy appears to be implemented by most registrars in the form of an e-mail notification to registrants (even though it doesn’t have to be in email). By definition, these notifications include almost entirely public information. They’re therefore a first-rate phishing vector: For example, send a notification with slightly (but embarrassingly) wrong WHOIS data, give a link to fix the data, and hope that people will click that link and hand over the credentials that they’re using to manage their registration.”

  3. Vupoti Ray says:

    Please vizit..

Add Your Comment