Warning: Enom Phishing Email Making the Rounds | DomainInvesting.com
Neustar Domain Names

Warning: Enom Phishing Email Making the Rounds

9

I want to share a warning that I received from a reader about an apparent phishing email that seems to be targeting domain names registered at Enom. The domain name that was used has Enom in it, but it was not Enom.com.

The person who reported the email to me said, “I received 4 today for different domains. All CCC,com domains.” This may indicate that the person is targeting a specific type of domain name, so be on the lookout!

Phishing emails are dangerous because they can lead to stolen domain names. They tend to look like authentic emails from a domain registrar, and this leads to people clicking on them and entering information that would likely compromise their accounts. Domain thieves can then steal the domain names more easily.

I recommend that you use two factor authentication at your domain registrar and not click on any links within emails to ensure that you don’t fall prey to a phishing attempt. I also recommend reporting phishing attempts to the domain registrar so they can be aware of these phishing attempts.

Thank you to Richard for sharing this warning with me. The email he received is below, with the verification code and domain name removed from the email:

As of Feb 1, 2015, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications.

You have registered one or more domains from Enom Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until 03/01/2015 to verify this email address. After this date, the domain name(s) will be suspended until the email address is verified. please cut-and-paste the following URL into an open web browser to complete the verification process:

[REDACTED]

Once you click the link, your email address will be instantly verified and there is nothing further for you to do on the following domains:

[REDACTED]

Sincerely,

Enom Inc.


About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.


Reach out to Elliot: Twitter | | Facebook | Email

Comments (9)

    David Walker

    Thanks for the heads up!

    February 1st, 2015 at 12:16 pm

    Brandon Abbey

    Great advice. The FBI just issued a public service announcement regarding email scams like these.
    http://www.ic3.gov/media/2015/150122.aspx

    February 1st, 2015 at 12:21 pm

      Louise

      The link is broken. Can you find the warning, please?

      In reply to Brandon Abbey | February 2nd, 2015 at 2:49 pm

      Louise

      Okay, it works, now. Thanx for that!

      In reply to Brandon Abbey | February 2nd, 2015 at 2:52 pm

    Pete

    This sounds like a legitimate request.

    f.Verify:

    i.the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or

    ii.the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder’s telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder’s telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail.

    https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois

    February 1st, 2015 at 11:43 pm

      Elliot Silver

      Yes, it does sound legitimate, which is why there is the potential for confusion.

      The domain name used in this email for the “verification” is not owned by Enom, which gives away that it is not legitimate.

      February 2nd, 2015 at 7:24 am

    Ron West

    The enom raa notification contains 4 languages as an FYI. That’s at least a starting reference if the email is legit or not.

    February 2nd, 2015 at 1:01 am

    name withheld

    The dead give-away that the verification was not legit was the whois for the domain the enom email instructed receiver to use to verify the email accuracy of the domain. Plus, all of the multiple emails were concerning CCC,com domains. (2 red flags (no pun intended))

    Updated Date: 2014-12-31 T08:29:14Z
    Creation Date: 2014-12-31 T08:29:14Z
    Registrar Registration Expiration Date: 2015-12-31 T08:29:14Z
    Registrar: eName Technology Co.,Ltd.
    Registrant Name: gaoxiaofeng
    Registrant Organization: gaoxiaofeng
    Registrant Street: kunmingshi
    Registrant City: Kunmingshi
    Registrant State/Province: Yunnan
    Registrant Postal Code: 650000
    Registrant Country: CN
    Registrant Phone: +86.13062442027
    Registrant Fax: +86.13062442027
    Registrant Email: gaoxiaofeng67890@gmail.com

    February 2nd, 2015 at 2:01 pm

    Louise

    Softwares alert Registrars in real time, practically, when domain infringes its trademark. Form c&d emails have been sent for years. Why, now, are Registars allowing exact match domains to be registered and kept by third parties? ugly reality is they are in on secret deals to transfer your assets to China for their profit.

    February 2nd, 2015 at 11:30 pm

Leave a Reply

Name *

Mail *

Website