There are multiple reports today across multiple registrars that customers are being targeted in another spearphish purporting to come from the Registrar’s “Abuse Department”:
From: firstname.lastname@example.org Subject: Domain [REDACTED] Suspension Notice Date: October 26, 2015 at 5:34:06 PM PDT To: <redacted> Dear Sir/Madam, The following domain names have been suspended for violation of the easyDNS Technologies, Inc. Abuse Policy: Domain Name: [REDACTED] Registrar: easyDNS Technologies, Inc. Registrant Name: [REDACTED - HARVESTED FROM WHOIS] Multiple warnings were sent by easyDNS Technologies, Inc. Spam and Abuse Department to give you an opportunity to address the complaints we have received. We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone. We had no choice but to suspend your domain name when you did not respond to our attempts to contact you. Click here and download a copy of complaints we have received. Please contact us by email at email@example.com for additional information regarding this notification. Sincerely, easyDNS Technologies, Inc. Spam and Abuse Department Abuse Department Hotline: 480-124-0101
The registrant information in the email appears to be harvested from Whois, the link in the email attempts to download a file to your computer while the phone number is not valid.
So far aside from easyDNS, other registrars’ (including Dynadot, web.com, eNom, uniregistry, fabulous and Moniker) customers have also been targeted. (It looks like they are harvesting the data from the whois database, making programs like ICANN’s WDRP and WAP even more problematic).
Domain Name Wire has run a story about this over here.
Leave a Reply