Phishing attempt for your domain name

Phishers try to obtain confidential information, and most of them are after the login and password for your bank accounts or your credit card details. However, the latest phishing attempts are targeted at domain owners. MX Lab has intercepted messages like the one below during the last few days.

The message body:

Dear user,

On Sat, 1 Nov 2008 06:48:43 +0500 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Sat, 1 Nov 2008 06:48:43 +0500 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com <http://www.enom.com.ssl48.mobi>  

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION – http://www.enom.com <http://www.enom.com.ssl48.mobi>

Thank you,
Domain Services

[IncidentID:57914] 

Just like any other phishing attempt, the message presents a problem and asks you to take action to resolve it by going to a web site. That site is obviously not the “real site” but one that has been set up by the phishers.

From that point on, any information you submit falls into the wrong hands, so keep an eye out for these messages.

These are some of the domains that are used, with their registration dates:

#1 ssl42.mobi Sat, 01 Nov 2008 01:48:07 +0000
#2 ssl48.mobi Sat, 01 Nov 2008 01:47:31 +0000
#3 ssl45.mobi Sat, 01 Nov 2008 01:01:27 +0000
#4 sys49.mobi Thu, 30 Oct 2008 11:49:57 +0000
#5 sys42.mobi Thu, 30 Oct 2008 11:43:44 +0000
#6 sys44.mobi Thu, 30 Oct 2008 09:53:52 +0000
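
The link lines in the message above show one address and point to another, and the real target puts the brand's host name in front of a phisher-registered domain. As an added example (not part of the original post), this Python check flags such display/target pairs in a plain-text body; the function names, the two-label registered-domain shortcut and the constructed sample body are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the link lines of the message quoted above,
# plus one harmless line where shown text and target agree.
SAMPLE_BODY = """\
PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com <http://www.enom.com.ssl48.mobi>
LINK TO CHANGE INFORMATION - http://www.enom.com <http://www.enom.com.ssl48.mobi>
Our help pages: http://www.enom.com <http://www.enom.com/help>
"""

# Domains listed in this post as used by the campaign.
KNOWN_BAD = {"ssl42.mobi", "ssl48.mobi", "ssl45.mobi",
             "sys49.mobi", "sys42.mobi", "sys44.mobi"}

# "shown-url <real-url>" is how a plain-text rendering exposes an HTML link.
LINK_PAIR = re.compile(r"(https?://[^\s<>]+)\s*<(https?://[^\s<>]+)>")

def host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registered_domain(hostname):
    # Assumption: the last two labels form the registered domain. True for
    # .com and .mobi as used here; use the Public Suffix List in production.
    return ".".join(hostname.split(".")[-2:])

def check_links(body):
    findings = []
    for shown, target in LINK_PAIR.findall(body):
        shown_host, target_host = host(shown), host(target)
        reasons = []
        if registered_domain(shown_host) != registered_domain(target_host):
            reasons.append("display/target mismatch")
        if target_host != shown_host and target_host.startswith(shown_host + "."):
            reasons.append("brand host used as subdomain prefix")
        if registered_domain(target_host) in KNOWN_BAD:
            reasons.append("listed campaign domain")
        if reasons:
            findings.append((shown_host, target_host, reasons))
    return findings

if __name__ == "__main__":
    for shown_host, target_host, reasons in check_links(SAMPLE_BODY):
        print(f"{shown_host} -> {target_host}: {', '.join(reasons)}")
```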

2 Responses to Phishing attempt for your domain name

  1. Jen says:

    Thanks for the posting. As a webmaster, I have been getting this message a lot this week – and it looks pretty official. Fortunately, I sign up for the free domain protection where they hide the domain registrant. So when the email came in I was very suspicious. I hope my clients who control their own domains are just as wise.

    THANKS for verifying my suspicions.

  2. morison dony says:

    Just grabbed the feed… thanks for posting this.
