Thursday, 5 February 2015

Notice of Registration for a domain scam

I've received a lovely email asking me to renew my domain...

Headers: (example)
From: noreply@orderconfirmation7893500.com
Subject: Re: Notice of Registration for

Message body (example)
To: Steve Basford

Don't miss out on this offer which includes search engine submission for xxxxx.com for 12 months. There is no obligation to pay for this order unless you complete your payment by 2/10/2015. Our services provide submission and search engine ranking for domain owners. This offer for submission services is not required to renew your domain registration.
Failure to complete your search engine registration by 2/10/2015 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).

This is what the email looks like on screen (with real details direct from the real whois for my domain):

The process payment button takes you to:
orderconfirmation7893500.com
The online whois information for orderconfirmation7893500.com is as follows:
Domain Name: orderconfirmation7893500.com                   
Registry Domain ID: 182738259_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.west263.com
Registrar URL: www.west263.com
Last updated Date: 2015-01-16 12:06:23
Creation Date: 2015-01-16 12:06:23
Expiration Date: 2016-01-16 12:06:23
Registrar Registration Expiration Date: 2016-01-16 12:06:23
Registrar: Chengdu west dimension digital technology Co., LTD
Registrar IANA ID: 1556
Registrar Abuse Contact Email: Abuse@west263.com 
Registrar Abuse Contact Phone: +86.2886263960 ext 8245
Domain Status: ok http://www.icann.org/epp#ok
Registry Registrant ID: 1556-1845841-d-001
Registrant Name: liang wang
Registrant Organization: Wang Liang
Registrant Street: Xiang Zhou Qu Cui Xiang Jie Dao 221Hao
Registrant City: Zhu Hai Shi
Registrant State/Province: GD
Registrant Postal Code: 519000
Registrant Country: cn
Registrant Phone: +86.075622981191 
Registrant Fax: +86.075622981191
Registrant Email: xiongjun133@hotmail.com
Registry Admin ID: 1556-1845841-a-001

The process payment screen looks like this:


... But even though the above states it's secure... Firefox says otherwise....


So, thanks... but no thanks ;)


Cheers,

Steve
Sanesecurity.com

5 comments:

Anonymous said...

I was stupid enough to fall for this. I am on the phone with my bank. Anything else I should do to protect myself?

Steve Basford said...

Good idea contacting the bank first of all. Check the status of your domain, with http://centralops.net/co/DomainDossier.aspx?dom_whois=1&net_whois=1&dom_dns=1 and enter your domain name, to check who owns/manages it.

Anonymous said...

My bank cancelled my card and will send a new one. Thanks for the URL, I have gathered info about the phishing company and am sending that info to the FTC. :-) It's a company from China :-(

ex-apotre said...

Thank you for this little bit of info. I just (Aug 9 2015) received the same notice. I was leery of it and this blog confirmed my suspicions.

Shawn Deny said...

I am on the phone with my bank. Anything else I should do to protect myself?
domain check