ICANN/GNSO GNSO Email List Archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

[registrars] Phishing scams targetting domain accounts now

  • To: registrars@xxxxxxxx
  • Subject: [registrars] Phishing scams targetting domain accounts now
  • From: Mark Jeftovic <markjr@xxxxxxxxxxx>
  • Date: Fri, 9 Jan 2004 08:40:51 -0500 (EST)
  • Sender: owner-registrars@xxxxxxxxxxxxxx

We had a report from a user who received a fake "Verify your account"
forged email to look like it was from us, to an email harvested from his
whois record.

It directed him to:

https://easysdns.sslpowered.com/SSLSecurePage/AccountRenew

Which was (it is now cancelled) a mockup of our member signup form,
layout, etc.

We created a bogus account and filled out the form, it redirected us
back to our own site, indicating they are collecting the data (as
opposed to trying to init a reg transfer, slam the domain, etc)

Sure enough, within the hour two accesses to the bogus account were
attempted from IP's in California and Viet Nam.

This is clearly a phishing scheme designed to access domain holder
accounts, beyond that, we don't know. Maybe they think they'll find
credit card data in a compromised account (they won't) or they are
trying to actually hijack domains.

In any case, its something to keep an eye out for.

-mark

-- 
Mark Jeftovic <markjr@xxxxxxxxxxx>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237



<<< Chronological Index >>>    <<< Thread Index >>>