Another new phishing scheme is unveiling, you get the scope here!

I recently received this email:

Dear user,

On Fri, 31 Oct 2008 22:51:51 +0300 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Fri, 31 Oct 2008 22:51:51 +0300 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION – http://www.enom.com

Thank you,

Domain Services

[IncidentID:78730]

At first it looks like the real thing, but it’s enough to mouse over the link to see it’s not going to enom.com, but some phishing site instead. This is a relatively new scheme and well thought of. It’s very likely for a domain owner to believe something like that and click the link quickly, fearing he might lose his domain over inaccurate whois.

So be warned and as always make sure you mouseover the  links in emails to see the url in the browser status bar, before clicking it.

2 Responses

  1. I have gotten this kind of emails as well.

    Be smart and not naive.

    Only open emails that you know who the sender is and do NOT open any attachments at all (that is the spyware)

  2. The tactic is not really new, its just that it has probably just started for domains, however this has been happening to ebay users for a long time.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.