Phishing is old news for most of Day Pitney’s clientele. Click here to view one of our earlier Alerts on this topic. For those who may not be familiar, however, phishing refers to the unfortunate practice of when a fraudulent email is sent that appears to be from a well-known and familiar company with whom the recipient is likely to have a relationship. Typically, the email advises the recipient that there is some reason the recipient’s account information needs to be confirmed. When the recipient responds using the links embedded in this email, he or she is taken not to the legitimate web site, but to one operated by a criminal. This site appears to be virtually identical to the corresponding web page of the legitimate company. However, the information submitted through this web site is then used by the sender to obtain personal information such as user names, passwords, social security numbers etc.
Most often these scams target customers of large commercial banks, Internet Service Providers, or other services that collect personal information.
It has come to our attention that there is now a new phishing scam based on stealing valuable domain names in addition to whatever financial information may be available on your registration page with the vendor providing you with domain name administrative services.
It appears that the scam works as follows: Targets are selected based on upcoming renewal dates for domain names based on publicly available “whois” information. This information also lists the registrar for the domain name.
An email is generated that mirrors the standard renewal email sent by that registrar reminding its clients of an upcoming renewal and asking for instructions. The embedded links, however, do not lead to the legitimate registrar, but to a dummy page where the sender collects the password and other information for the domain name including credit card or bank account information to cover the cost of the renewal. While the financial information can then be used to run up charges in the name of the registrant, the greater danger is that the information obtained will be used to take control of the domain name and sell it to an innocent third party who believes that he is acquiring the domain name from the rightful owner.
Fortunately, it is easy for you to avoid becoming a victim of this scam. Do not use any embedded links in any email directing you to a page where you will submit any confidential information. Also, do not use the reply feature on your email browser to respond to emails requesting this information. If you think a message is valid and you wish to reply, first confirm that the link or e-mail address appears, in all respects, to be correct (for example, some phishing scams use a slightly different address with one letter off) and then simply type the email address into your browser directly or open up a new email and manually type in the email address. Do not use the copy and paste feature as this will transfer the underlying fraudulent code and is equivalent to clicking on the embedded link or using the reply feature of your email browser.