Stupidest Trojan Email I Have Ever Received

I got an email yesterday that made me laugh. I get tens of emails that contain viruses, backdoors and trojans every day. Most are caught by the antivirus or end up in the spam folder.

But the email I got today was not caught and ended up in my inbox. The subject and the company name contained in the email were hilarious.

I opened the email without opening the attachment. The subject was Continue reading

New Spam/Scam Using Escrow.com To Get Your Attention

I was the target of what seems to be a new spam (or a potential scam) method. Someone I didn't know started an Escrow.com transaction for a domain name that I had never seen before: PJA.com.

The transaction title was "Chance for you to get PJA.com in Cheap price" and the price was set at $22,222. The seller/broker was SHAHENAZ SHAFI SHAIKH (shahenazandshafi@gmail.com). I don't know if this is a real name or not. The seller was set as "Confidential".

The transaction was Continue reading

iWire.com Winning Bidder For $7,777 Tries To Sell The Domain Before He Pays For It At Snapnames

The winning bidder of the iWire.com domain name is trying to sell the domain name before paying for it. The "buyer" won the domain in a Snapnames auction on the 19th of October for $7,777.

The domain is still showing as "Payment Pending" at Snapnames, so the bidder has not yet sent payment to Snapnames. I know that it sometimes takes time to send the wire transfer that is required, but I have a feeling that the funds will never reach Snapnames.

So I got an email today, the 1st of November, with the subject Continue reading

How To Check If Any Of Your Domains Have Been Stolen From Moniker

Yesterday Moniker sent emails to all its users with new passwords and asked them to change the passwords immediately. It was later reported that this was done after a massive hack that resulted in many valuable domain names being stolen from various Moniker accounts.

First of all I must say that I can't believe that no one at Moniker noticed that a single IP logged into thousands of accounts. Is there anyone over at Moniker? This is a major flag that went unnoticed. This went on for 2 weeks, which gave the thieves plenty of time to transfer out any domains they wanted.

Of course if you own a very small number of domains you can check whois and then check if the domain is in your Moniker account. But if you have thousands of domains it is not that easy.

First of all you should Continue reading

Huffington Post: “How To Protect Yourself From Domain Thieves”

On Monday, The Huffington Post reported on domain theft, a scheme in which hackers steal valuable Internet addresses and sell them in online forums or extort their rightful owners.

They now have a followup article on how domain name owners should protect themselves from domain name thieves.

Some of the advice offered is bad or not very accurate but it is a start on alerting the public to these matters. For example the article suggests using a whois privacy service so that scammers cannot send you phishing emails. Of course that is not true because if someone sends an email to the privacy email address shown on whois then the email is forwarded to your real email address. So you get the phishing email anyway. The only way to avoid phishing scams is to not click on links from emails.

Also Huffington Post suggests that people use Web.com (one of the worst registrars around) because it Continue reading

ICANN Issues Alert On The Latest Domain Name Renewal Phishing Scam

Last week I wrote about the latest email scam that is targeting domain name owners. Domain name owners receive an email with their details from whois data and a domain name that may or may not be expiring. The scam uses a disposable domain name with ICANN's logo and info plastered all over it. The email asks owners to go to that website so they can renew their domain names. All that the scam tries to do is steal credit card information.

ICANN issued an alert about this scam today: Continue reading

New Domain Renewal Scam Steals Your Credit Card With A Tempting $3 Price And An ICANN Logo

An internet maze of several (some hidden) domain names across different registrars, with or without whois privacy, 2 countries, stolen credit card numbers and ICANN. And this is only part of what this scam is about.

I got an email yesterday with the subject "clinicalagency.com EXPIRATION!". The renewal price is so low, at $3 for a .com, that it is very tempting for people who don't know much about domain names, registrars and renewals.

The email comes from "INTERNET DOMAIN REGISTRATION" and the email address: domain@domaiinnregistration.com. The domain name spells "domain" with 2 "i"s and 2 "n"s. But "domaiinnregistration.com" is not even registered.

They actually mistyped the email address as their scam website is located at Continue reading

New UK Domain Name Spammer SwitchAds.com (SwitchConcepts.co.uk and SwitchConcepts.com)

I got a spam email from SwitchAds.com yesterday for the 20th time so I decided to reply and ask them to unsubscribe me as they seemed like a real United Kingdom company. And they actually replied even though I didn't like what they said.

The spam has an email called "Enquiry" and that is because it targets domain name owners after harvesting domain name whois records for email addresses.

Here is the body of the email I got from sarah.webb@switchads.com:

Hi,

I'm looking to get in touch with the person responsible for display advertising on ******.com, are you able to help?

We have created a really simple platform that works in partnership with your existing advertising solution (e.g. Google AdSense) to help websites like yours generate more revenue and we've got strong advertising demand in your sector right now. 

I'd love to discuss setting up a test with you to prove how good SwitchAds really is. Who’s the best person to talk to?

Kind regards,
--

Sarah Webb
Sales Manager

Switch Concepts Limited
Hounsdown House,
Hounsdown Business Park,
Southampton SO40 9LX
United Kingdom

M: +44 (0) 7585 118336
T: +44 (0) 333 200 1230
switchads.com

As there is no unsubscribe link on the email, I replied to them and I asked them to remove me from their mailing list and got this reply: Continue reading

“Domain Registry of America” Registrar Suspended By ICANN For 90 Days

The registrar BRANDON GRAY INTERNET SERVICES INC. (dba NameJuice.com) that has been behind the "Domain Registry of America" (DRoA) or "Domain Renewal Group" scam was suspended by the Internet Corporation for Assigned Names and Numbers (“ICANN”) on the 19th of July 2014.

Brandon Gray’s ability to create new Registered Names or initiate inbound transfers of Registered Names is suspended for 90 days pursuant to Section 5.7 of the RAA. The suspension is effective 19 July 2014 at 00:00 UTC and will conclude on 17 October 2014 at 00:00 UTC, or longer if Brandon Gray has not demonstrated compliance on or before 10 October 2014.

The registrar scam sends domain name expiration letters all over the world asking for Continue reading

Warning: Fraudulent ICANN Domain Name Certificates

ICANN issued a warning today regarding some people trying to sell generic top-level domain (gTLD) certificates. These fraudulent certificates claim to protect registrants from something that I don't quite understand. If you have received such an email please post it in the comments below.

The "certificates" look official and include an unauthorized use of the ICANN logo and the people making them are trying to extort money from registrants.

"ICANN is currently investigating these cases and advises registrants who encounter similar incidents to report to ICANN immediately via an email to Contractual Compliance at compliance@icann.org."

ICANN recommends that anyone wishing to register a domain name under a generic top-level domain name do so using an ICANN-accredited registrar. And if you want to buy an already registered domain in the secondary market then you should always use a secure escrow service such as escrow.com or eCop.com. Continue reading