Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2008-10-29

Phish of the Day: eNom

A correspondent forwarded me this phish, which is unusual in its target: customers of the registrar eNom. These phishers are looking to hijack other people's domain names for nefarious purposes. Note that the links in the message below do NOT go to eNom. The phisher seems to have a pile of domains of the form "comN2.biz" that he is using to support these phishing sites. So far, I have found com62.biz, com72.biz, com82.biz, and com92.biz. All were registered to someone using the email address alexeyvas@safe-mail.net at around Mon Oct 27 00:45 GMT 2008. All use nameservers in the domain XWHLWWW.COM, which was created on 10-Oct-2008.

I recommend against clicking on any of the following links, since they go to a known hostile site at the time of posting.

---------- Forwarded message ----------

Dear user,

On Tue, 28 Oct 2008 XX:XX:XX -0500 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Tue, 28 Oct 2008 XX:XX:XX -0500 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260


LINK TO CHANGE INFORMATION - http://www.enom.com


Thank you,
Domain Services

[IncidentID:XXXXX]

2 comments:

Anonymous said...

I have received four of these e-mails so far today, with slightly different headings. However, the really sneaky bit is that I received quite innocuous e-mails yesterday to 8 of my domains that just said that eNom would be conducting routine server maintenance on 1st November. I had not heard of eNom, and my domains are not hosted by them, but I assumed that they must be related to my own ISP, so accepted the e-mails. I now realise that this was just a way of validating that the e-mails were active before sending the real phishing e-mails today.

G. Arnold said...

Wow, this is a clever scam. I design web pages, and if I got one of these I might have been tempted to click on the link to see what it was. These types of scams need to be stopped. I am sick and tired of having to second guess everything I see.

I currently started my own site at: http://www.report-online-scams.com, because my business was ripped off for 8,000, shortly after getting the paperwork for my S.Corporation.