Beware of fake domain name suspension email notices

It has come to our attention that fake suspension email notices posing as ‘PDR’ are being sent to you and your customers as part of a phishing scam.

These emails are sent to the registrant email address taken from the WHOIS record associated with the domain. Many domain registrars have been affected by this spear-phishing attack too.

Please ignore these emails. Do not download any files or take any action based on their instructions, as the attachments might contain malicious files.

Although the emails usually target domain owners who have domain names registered by Google Domains (source: BotCrawl), this scam is capable of targeting anyone.

The emails attempt to convince you to download password-stealing malware files (source: Hoax-Slayer article), which can in turn open the door to other malware.

SAMPLE EMAIL:

===== Start of Fake message =====

In a message dated 10/26/2015 11:09:57 A.M. Pacific Daylight Time,
abuse-contact@publicdomainregistry.com writes:

Dear Sir/Madam,

The following domain names have been suspended for violation of the PDR Ltd. d/b/a
PublicDomainRegistry.com Abuse Policy:

Domain Name: DOMAIN.COM
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrant Name: Dale Hale

Multiple warnings were sent by PDR Ltd. d/b/a PublicDomainRegistry.com Spam and Abuse Department to
give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via
telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download (hXXp://lanacion.com.ec/abuse_report.php?DOMAIN.COM) a copy of complaints we
have received.

Please contact us by email at mailto:abuse-contact@publicdomainregistry.com for additional information
regarding this notification.

Sincerely,
PDR Ltd. d/b/a PublicDomainRegistry.com
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101

===== End of Fake message =====

 

ICANN Domain Renewal Scam

ICANN, the global domain name coordinator, has raised awareness of a global scamming issue regarding domain renewals.

The latest ploy among cybercriminals is to send registrants domain renewal emails that pretend to come from ICANN.

The sole aim of the scam emails is to mislead registrants into entering their financial information on the phishing sites that the email notifications redirect them to.

What To Watch Out For

The Anti-Phishing Working Group (APWG) has outlined a few common characteristics of the emails sent by scammers:

  • The scam email encourages the recipient to click on a link to renew the domain online at an attractively low price.
  • The ‘renewal promotion’ email appears to be sent by ICANN. It features ICANN’s branding and logo in the body of the message.
  • The fake renewal page that the email leads to also tries to mimic a page managed by ICANN.

While ICANN has initiated a thorough investigation of this aggressive scam campaign, they recommend that registrants also take steps to protect their personal information.

What To Do

If you receive an email similar to the one described above, keep the following in mind:

  • Any email that offers domain renewal services from ICANN is NOT authentic, since ICANN does not process domain registrations or collect fees from registrants directly. All domain expiration notifications are sent from us – your hosting provider.
  • You should contact our support team directly for any concerns about the status of your domain name.
  • To help ICANN fight this global scam practice, you can report any scam email you receive to compliance@icann.org. A copy of the scam email is required for the investigation to be as effective as possible.
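
The two warning signs described on this page (a link that leads somewhere other than the claimed sender's domain, as in the fake PDR notice, and a renewal offer made in ICANN's name) can be checked automatically when triaging a reported message. The script below is an added example, not part of the original notice; the function names and the sample message are constructed for illustration, and it assumes plain, unencoded text parts.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the fake notice quoted on this page (link left defanged).
SAMPLE = """\
From: abuse-contact@publicdomainregistry.com
Subject: Domain suspension notice

The following domain names have been suspended.
Click here and download (hXXp://lanacion.com.ec/abuse_report.php?DOMAIN.COM) a copy
of complaints we have received.
"""

URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s)>\"']+", re.IGNORECASE)
RENEWAL_RE = re.compile(r"\brenew(?:al|s|ed|ing)?\b", re.IGNORECASE)


def link_hosts(body):
    """Return the lower-cased hostname of every link, normal or defanged (hXXp, [.])."""
    hosts = []
    for raw in URL_RE.findall(body):
        url = re.sub(r"^h..p", "http", raw, flags=re.IGNORECASE).replace("[.]", ".")
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed authority part; nothing to compare
            continue
        if host:
            hosts.append(host.lower())
    return hosts


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    # From is only the *claimed* sender; it is used here as the identity the links must match.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    findings = []
    for host in link_hosts(body):
        if host != sender and not host.endswith("." + sender):
            findings.append(f"link host {host} does not match sender domain {sender}")
    if "icann" in raw_message.lower() and RENEWAL_RE.search(body):
        findings.append("renewal offer in ICANN's name; ICANN does not collect fees from registrants")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A clean result does not prove a message is genuine, since the From header can be forged and a link can redirect after the first hop.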