TwitterFacebookGoogle

Scams & Hacks

Sometimes we find out about scams and hacks from the media, sometimes our customers tell us, or we receive direct contact from the scammers.  If you receive any correspondence regarding your domain or hosting and are not sure if it is genuine please forward it to our Support email address.  We will advise you and, if it is a scam, will post it here to make others aware of it.  Some email scams can do the rounds for years, either in their original form or with slight or major changes.  Always be wary – even if you think it’s genuine – and, if in doubt, ask us.  (Customer names, addresses, phone numbers, domain names, and certain other information has been removed from the examples.)

Be on your guard so you don’t fall for emails like the ones shown below.  Don’t send money; don’t click links (including any unsubscribe links); just delete them (or forward them to us).

The list is in reverse order, so the most recent one we receive will be the first one to be read.  We hope it will be the newest but, as some of them do the rounds for years, it may be a rehashed old one or just an old one we haven’t come across previously.

A word of caution about genuine emails:  The domain registries have implemented new systems to ensure that contact information held for domains is current and correct.  New registrations, and changes to certain information for some existing domains, such as an email address, will trigger an email directly from the registry asking for verification within a fixed time limit (which will be shown in the email).  As you will see from the first example, this was being used to try to scam people as soon as it was introduced.  If someone has gained access to a domain illegitimately they will change the contact details to suit themselves, so asking them to verify that they have done so seems pretty pointless to us!  However, we don’t make the rules, all we can do is advise you of them and let you know that if we make a change – and know an email has been sent by the registry as a result – we will tell you.  You may also receive emails from us, either directly from our support or accounts addresses or directly from the server if your domain is due for renewal.  If you are in any doubt it has come from us please ask us.

*****

Example 7.

The following email was forwarded to us by a customer on 26th September 2016.  It seems quite reasonable, however…   Usernames for our hosting accounts are server-generated and cannot be changed.  We would never ask you for it because we don’t need to.  Not only can we obtain it directly from the server on which you are hosted, but we also keep a separate record on the database we use to send out our hosting renewal notices.  We do not need your username or password to move your account to a new server.  We upgrade our servers regularly and send advance notification by email to the address registered within your account as your contact address, so please ensure you keep your contact information up-to-date.  

Here is the email:

Help Desk

Scheduled Maintenance & Upgrade

Your account is in the process of being upgraded to a newest Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices to enhance your usage.

 To ensure that your account is not disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:

 * Domain\user name:

* Password:

 This will prompt the upgrade of your account.

 Failure to acknowledge the receipt of this notification, might result to a temporary deactivation of your account from our database. Your account shall remain active upon your confirmation of your login details.

 During this maintenance window, there may be periods of interruption to email services.  This will include sending and receiving email in Outlook, on webmail, and on mobile devices. Also, if you leave your Mailbox open during the maintenance period, you may be prompted to close and reopen.

 We appreciate your patience as this maintenance is performed and we do apologize for any inconveniences caused.

 Sincerely,

 Customer Care Team

*****

Example 6.

The following email arrived directly into our inbox on 29th November 2014 (It is a Chinese domain registered on the 20th November, so was most likely registered soley for the purpose of scamming). This has overtaken example 4 in the nastiness stakes and is currently firmly in number 1 spot. It is another search engine submission scam, but is very cleverly worded to imply that the domain registration is expiring. The unsubscribe instructions and disclaimers that state it is not an invoice, although clear here, are in pale grey in the original email to make them very difficult to see but to keep things looking legitimate.

ATTENTION: IMPORTANT NOTICE Domain SEO Service Registration Corp.
Order#: 562454
Date: 11/29/2014

EXPIRATION NOTICE
DOMAIN: domain.com
Notification Offer
EXPIRATION DATE: 12/07/2014

Bill To: (customer’s address, taken from public Whois information)

Domain Name: Registration SEO Period: Price: Term:
domain.com 12/21/2014 to 12/21/2015 $64.00 1 Year

SECURE ONLINE PAYMENT

Domain Name: domain.com
Attn: registrant’s name (in capitals)
This important expiration notification notifies you about the expiration notice of your domain registration for xxx.com search engine submission. The information in this expiration notification may contain confidential and/or legally privileged information from the notification processing department of the Domain SEO Service Registration. This information is intended only for the use of the individual(s) named above.
If you fail to complete your domain name registration domain.com search engine service by the expiration date, may result in the cancellation of this domain name notification offer notice.
PLEASE CLICK ON
SECURE ONLINE PAYMENT
TO COMPLETE YOUR PAYMENT.

Failure to complete your domain name registration domain.com search engine service process may make it difficult for customers to find you on the web.
CLICK UNDERNEATH FOR IMMEDIATE PAYMENT
PROCESS PAYMENT FOR
domain.com
SECURE ONLINE PAYMENT
ACT IMMEDIATELY
This domain registration for xxx.com search engine service notification will expire 12/07/2014.

Instructions and Unsubscribe Instructions:
You have received this message because you elected to receive special notification offers. If you no longer wish to receive our notifications, please unsubscribe here or mail us a written request to Domain SEO Service Registration Corp., 5379 Lyons Rd. 452, Coconut Creek, FL 33073. If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving notifications notices. We are a search engine optimization company. We do not directly register or renew domain names. We are selling traffic generator software tools. This message is CAN-SPAM compliant. THIS IS NOT A BILL. THIS IS A NOTIFICATION OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS NOTIFICATION OFFER. Please do not reply to this email, as we are not able to respond to messages sent to this address.

*****

Example 5.

This email was forwarded by a customer on 4th November 2014. It is very short and simple and gives little information, is addressed to the user and doesn’t actually make sense, “Your mailbox might be close…” We assume it to be a phishing email, and clicking the link would go to a website that asks for an email account username and password for the email address to which the message has been sent. Once they have that information they would be able to use the email account for sending spam. Our customer would normally have probably just deleted it, but the email’s arrival coincided with problem that prevented him using his email so he contacted us to check.

From: Email administator (the email address here was mail@mail.com)
To:
Sent: Saturday, November 01, 2014 1:10 AM
Subject: Email suspension

Dear user,

Your mailbox is almost full. (The mailbox usage is displayed in a box with a yellow usage bar in the actual email.)

1969MB 2000MB
Current size Maximum size

Your mailbox might be close kindly click activate to add more MB to your mailbox.

Copyright © 2014 Email! Inc. All rights reserved. (Preceeding the copyright symbol was the Yahoo! logo.)

*****

Example 4.

This email was sent to us on 8th October 2014, and we think it is a particularly nasty example of the search engine submission emails as it implies that the customer’s domain is not actually yet registered to them.  It is sent to the contact name for the domain, in this case us (fortunately) as the customer preferred it that way.   It included the registrant’s address, which is shown on the public Whois information, but rather worryingly it also included their telephone number (albeit in scientific format) which is not made public on Whois.  The email even included a picture of the supposed Mr ONeal next to his name and job title.

Subject:  Hi DOMAIN ADMIN – www.domain.com has not been completely registered.

Newly Registered Domain at: domain.com

DOMAIN ADMIN
REGISTRANT’S ADDRESS

Registrant’s Telephone Number: xxxxxxxxxxxx

Hi DOMAIN ADMIN

My name is Bernard and I will be your Account Manager for your free 2 week advertising campaign listing on 2.5 million websites. This is an exclusive to newly registered domain owners only. Click here: http://www.newlyregisterdomain.com/exclusive/free-advertising3777x.html

Did you know that 95% of people use search engines to find what they are looking for? Right now, your website cannot be located on many search engines.

We’ll help your website domain.com succeed by making your website known across the entire Internet. We will get you listed virtually everywhere. This includes Yahoo, Bing, Google, Ask, and almost every known search engine, classified network, blogs, FFA link websites, directories, e-zines, download submissions and much more.

You can redeem your free advertising here:
http://www.newlyregisterdomain.com/exclusive/free-advertisingxxxxx.html

Let me know if you have any problems.

Best Regards

Bernard Oneal
Personal Account Manager
Domain Submit

P.S

Remember, this exclusive free advertising is for a limited time and can expire at any time.

Your Exclusive Link is: http://www.newlyregisterdomain.com/exclusive/free-advertisingxxxxx.html

This email was sent from Domain Submit, 700 Commerce Dr, Suite 500, Oak Brook, IL 605

 

Unsubscribe me from this list

 

*****

Example 3.

 The following email arrived directly in our inbox on 9th August 2014 – the day after we registered the domain (I guess we can’t fault them for efficiency!)  It is another search engine submission solicitation, the content of which is, as usual, complete rubbish.  They are not at anyone’s service but their own.

From: Search Registry [admin@bailz.com] (Note: the sender’s email address will vary.)

To: [Our email address]

Subject: REMINDER: Search Engine Registration for Your Domain xxx is pending

Hi DOMAIN ADMIN,

Domain Name: xxx (Account #xxxxx)
This email is being sent out to you because search registration for [xxx] is pending.
Please register these domains to search engines like Google, Bing and Yahoo ASAP to avoid late fees.

Registering for search engines would help you show up in search results and increase your online presence.

You can register your domain at: here
We sincerely appreciate your business! If you require anything, we are at your service.

Remember… If you do not register your domain with the search engines, it may not appear in the search engine listing when people are looking for you. Failure to complete your domain name search engine registration by the expiration date may make it difficult for your customers to locate you on the web. Complete your search engine registration today at: www.searchregistry.org
Sincerely,

Search Engine Registry
1787 Pennsylvania Ave NW, Suite 1025
Washington DC, 20006

You may unsubscribe here

*****

Example 2.

 We received the email below from a customer on 11th June 2014.  It is a very common type, and will be addressed to the domain registrant and include the domain name.  It is  carefully worded to imply that if the domain domain registrant doesn’t part with quite a lot of money to them they will suffer for it.  Further reading indicates it is for search engine submission, but by using words like “registration” and “cancellation” to confuse, they imply this is something you should pay before their deadline.  Please don’t be caught out, and do not attempt to unsubscribe from their emails.  Ignore their “do not discard…” message and discard it or forward it to us and then discard it.

From: Domain Services <notices@domainnotices8585.com>
To: XXX
Subject: Domain Notification: MR XXX This is your Final Notice of Domain Listing – (Domain name)

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: XXX

Complete and return by fax to:
1-716-242-0416

ATT: XXX
ADMINISTRATIVE CONTACT
ADDRESS
WWW.DOMAIN
Please ensure that your contact information is correct or make the necessary changes above

Requested Reply
JULY 7,2014

PART I: REVIEW SOLICITATION

Attn: XXX
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it’s time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: XXX will expire on JULY 7,2014 Act today!

Select Term:

[ ] 1 year 07/7/2014 – 07/7/2015 $75.00
[ ] 2 year 07/7/2014 – 07/7/2016 $119.00
[ ] 5 year 07/7/2014 – 07/7/2019 $199.00
[ ] 10 year -Most Recommended- 07/7/2014 – 07/7/2024 $295.00
[ ] Lifetime (NEW!) Limited time offer – Best value! Lifetime $499.00

Today’s Date: _____________________ Signature: _____________________

Payment by Credit Card
Select the term above, then return by fax: 1-716-242-0416

(DOMAIN NAME)

——————————————————————————————-

By accepting this offer, you agree not to hold DS liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DS 3501 Jack Northrop Ave. Suite #F9238 Hawthorne, CA 90250 USA, This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DS and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DS reply with Remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited.

*****

Example 1.

4th March 2014.  The following email was forwarded by a customer.  It is a phishing email, intended to gain information the hacker can use for their own ends.  We have disabled the links, but clicking “PLEASE CLICK HERE” in the original email will take you to a site the purpose of which is to obtain confidential information, in this case probably your email account password so the account can be used to send out spam.

From: EMAIL SUPPORT (mailto:verification@microsoft-email-support.com)
Sent: 04 March 2014 04:50
Subject: Action Required: Important Email Verification!

ACTION REQUIRED!

Dear Email Holder,

New Regulations from Microsoft Corporation and your email host, now require that email account holders must verify their email account information. All unverified email accounts  will be classified as “inactive”. The contents of the inactive email accounts comprising e-mails and folders will be permanently deleted, and account terminated.

To ensure your email(s) remain active, PLEASE CLICK HERE to perform a one-time automatic verification.

No further action is required after completing the simple verification process. It is however necessary that you repeat this process for all other email address(es) you may own.

If this message was found in your spam/junk folder, please move to inbox.

Thank you.

Email Support Team.

Please do not reply to this email as it would not be read.
©2014 by Microsoft Corporation. All rights reserved.

*****