Last week I wrote about the latest email scam that is targeting domain name owners. Domain name owners receive an email with their details from whois data and a domain name that may or may not be expiring. The scam uses a disposable domain name with ICANN’s logo and info plastered all over it. The email asks owners to go to that website so they can renew their domain names. All that the scam tries to do is steal credit card information.
ICANN issued an alert about this scam today:
ICANN was recently alerted to a new phishing scam concerning domain registration renewals. The phishing emails use ICANN’s branding and logo, and can appear as though ICANN is the sender. However, once registrants click on links within the spoofed email, they are taken to a fake registration renewal site that captures their credit card and personal information.
Phishing scams, like these, are a popular tool among cybercriminals. They mirror familiar brand imagery, visuals and language in order to fraudulently obtain credentials and personal financial information from users.
ICANN does not process domain registrations, nor collect fees from registrants directly. As a best practice, if an email looks suspicious or is similar to the example above, registrants should avoid clicking on any links in these emails and delete them from the inbox.
ICANN is actively investigating these cases and advises registrants who encounter similar incidents to report them to ICANN immediately via an email to Contractual Compliance at compliance@icann.org. For any concerns about domain name status, registrants should contact their sponsoring registrar directly.
Phishing is a type of email scam that cybercriminals use to steal credit card or personal identifying information. The Anti-Phishing Working Group (APWG) reported that 125,215 attacks occurred in January through March of this year alone, which reminds us to be suspicious of “too good to be true” offers you receive in email, even if they appear to come from places you interact with or trust, including ICANN.
Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to “click here” to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN’s branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.
Phishing attacks frequently employ the use of familiar imagery, visuals and language associated with well-known brands in order to trick recipients into believing they come from a valid source. In recent years, scammers have grown especially adept at mimicking real communications, so it’s especially important that registrants take note of any suspicious or unsolicited emails coming from ICANN.
The security of our community remains one of our key priorities. While ICANN is actively investigating these scams, we recommend that registrants also take steps to protect their personal information. If you receive an email similar to the one described above, follow these steps:
- Be suspicious of any email that offers domain renewal services from ICANN. As a reminder, ICANN does not process domain registrations or collect fees from registrants directly. All fee collections are transactions between the registrar and the registrant.
- Report any scams to ICANN immediately via an email to Contractual Compliance at compliance@icann.org. Where possible, please provide a copy of the suspicious email.
- Contact your sponsoring registrar directly for any concerns about the status of your domain name.
While cybercriminals are always looking to exploit people’s good intentions, it serves as a reminder to always use email security best practices. If you think an email is suspicious, always avoid clicking on any links in the message.
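For mail administrators, the pattern in the alert can be turned into a simple triage check. The following is an added example, not part of ICANN's alert or the original post: the function names, the sample message and the placeholder domain `renew-example.invalid` are all constructed for illustration. It flags ICANN-branded mail that offers renewals or whose links lead away from icann.org, even when the From header claims an icann.org address.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; renew-example.invalid is a placeholder, not a real indicator.
SAMPLE = """\
From: ICANN Renewals <billing@icann.org>
To: owner@example.com
Subject: Your domain registration is expiring
Content-Type: text/html

<p><img src="https://www.icann.org/logo.png"> Dear registrant,</p>
<p>Renew online at low rates:
<a href="http://renew-example.invalid/pay">click here</a></p>
"""

RENEWAL = re.compile(r"\b(renew\w*|expir\w*)\b", re.I)
HREF = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def is_icann_host(host):
    host = (host or "").lower().rstrip(".")
    return host == "icann.org" or host.endswith(".icann.org")

def check_message(raw):
    """Return the reasons a message matches the ICANN renewal-scam pattern."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = f"{msg.get('Subject', '')} {body}"
    reasons = []
    # Only messages that present themselves as ICANN are in scope.
    if "icann" not in f"{name} {addr} {text}".lower():
        return reasons
    # ICANN does not process registrations or collect fees from registrants,
    # so any ICANN-branded renewal offer is suspect whatever the From header says.
    if RENEWAL.search(text):
        reasons.append("ICANN-branded renewal offer")
    # The From header can be spoofed; the link targets show where data would go.
    hosts = {urlparse(u).hostname for u in HREF.findall(body)}
    off = sorted(h for h in hosts if h and not is_icann_host(h))
    if off:
        reasons.append("links leave icann.org: " + ", ".join(off))
    return reasons

if __name__ == "__main__":
    for reason in check_message(SAMPLE):
        print("FLAG:", reason)
```

A match is a reason to quarantine and review, not proof of fraud; the keyword and link heuristics here are deliberately narrow and will miss messages that avoid the words "renew" or "expire".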