I want to share a warning that I received from a reader about an apparent phishing email that seems to be targeting domain names registered at Enom. The domain name that was used has Enom in it, but it was not Enom.com.
The person who reported the email to me said, “I received 4 today for different domains. All CCC.com domains.” This may indicate that the person is targeting a specific type of domain name, so be on the lookout!
Phishing emails are dangerous because they can lead to stolen domain names. They tend to look like authentic emails from a domain registrar, and this leads to people clicking on them and entering information that would likely compromise their accounts. Domain thieves can then steal the domain names more easily.
I recommend that you use two-factor authentication at your domain registrar and not click on any links within emails, to ensure that you don’t fall prey to a phishing attempt. I also recommend reporting phishing attempts to the domain registrar so they are aware of them.
Thank you to Richard for sharing this warning with me. The email he received is below, with the verification code and domain name removed from the email:
As of Feb 1, 2015, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications.
You have registered one or more domains from Enom Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until 03/01/2015 to verify this email address. After this date, the domain name(s) will be suspended until the email address is verified. please cut-and-paste the following URL into an open web browser to complete the verification process:
[REDACTED]
Once you click the link, your email address will be instantly verified and there is nothing further for you to do on the following domains:
[REDACTED]
Sincerely,
Enom Inc.
Thanks for the heads up!
Great advice. The FBI just issued a public service announcement regarding email scams like these.
http://www.ic3.gov/media/2015/150122.aspx
The link is broken. Can you find the warning, please?
Okay, it works, now. Thanx for that!
This sounds like a legitimate request.
f. Verify:
i. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or
ii. the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder’s telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder’s telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail.
https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois
Yes, it does sound legitimate, which is why there is the potential for confusion.
The domain name used in this email for the “verification” is not owned by Enom, which gives away that it is not legitimate.
The Enom RAA notification contains 4 languages, as an FYI. That’s at least a starting reference for whether the email is legit or not.
The dead giveaway that the verification was not legit was the WHOIS for the domain the Enom email instructed the receiver to use to verify the email accuracy of the domain. Plus, all of the multiple emails were concerning CCC.com domains. (2 red flags (no pun intended))
Updated Date: 2014-12-31 T08:29:14Z
Creation Date: 2014-12-31 T08:29:14Z
Registrar Registration Expiration Date: 2015-12-31 T08:29:14Z
Registrar: eName Technology Co.,Ltd.
Registrant Name: gaoxiaofeng
Registrant Organization: gaoxiaofeng
Registrant Street: kunmingshi
Registrant City: Kunmingshi
Registrant State/Province: Yunnan
Registrant Postal Code: 650000
Registrant Country: CN
Registrant Phone: +86.13062442027
Registrant Fax: +86.13062442027
Registrant Email: gaoxiaofeng67890@gmail.com
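The two checks described in the comments above (the link's host is not an Enom domain, and the WHOIS record shows a weeks-old registration at a different registrar), written out in Python as an added example that is not part of the original post or its comments. The trusted-domain list, the 90-day threshold, the received date and the sample URLs are assumptions; the two WHOIS lines are copied from the record above.

```python
import re
from datetime import date, datetime
from urllib.parse import urlsplit

TRUSTED = {"enom.com"}   # assumption: domains the registrar really links to
BRAND = "enom"           # brand string a lookalike host would borrow

def link_verdict(url):
    """Classify a link by its host, not by how the text around it reads."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    return "lookalike" if BRAND in host else "other"

def links_in(body):
    """Return (url, verdict) for every http(s) URL in a plain-text email body."""
    return [(u, link_verdict(u)) for u in re.findall(r"https?://[^\s<>\"']+", body)]

def whois_flags(record, received, min_age_days=90):
    """Flag a WHOIS record for a young domain or a registrar other than the brand."""
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    flags = []
    try:
        # The record on this page has a stray space before the "T"; drop it.
        stamp = fields.get("creation date", "").replace(" ", "")
        created = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").date()
        if (received - created).days < min_age_days:
            flags.append("recently registered")
    except ValueError:
        flags.append("no parsable creation date")
    if BRAND not in fields.get("registrar", "").lower():
        flags.append("registrar mismatch")
    return flags

# Constructed email text; the lookalike host uses the reserved .example TLD.
SAMPLE_BODY = """Please verify: http://enom-verify.example/v?code=XXXX
Account login: https://www.enom.com/login"""
# Two lines copied from the WHOIS record quoted in the comment above.
SAMPLE_WHOIS = """Creation Date: 2014-12-31 T08:29:14Z
Registrar: eName Technology Co.,Ltd."""

if __name__ == "__main__":
    print(links_in(SAMPLE_BODY))
    print(whois_flags(SAMPLE_WHOIS, date(2015, 2, 10)))  # received date assumed
```

Any verdict other than "trusted" means the link should not be followed; go to the registrar's site directly instead.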
Software alerts Registrars in real time, practically, when a domain infringes its trademark. Form C&D emails have been sent for years. Why, now, are Registrars allowing exact match domains to be registered and kept by third parties? Ugly reality is they are in on secret deals to transfer your assets to China for their profit.