Watch out for this sneaky domain name con!

 

If you own a domain name – something like www.yourdomain.com – your registrant details are a matter of public record, which is where this sneaky con comes in.

Nearing the time you’re next due to update your website registration (also a matter of public record), you may receive an email like this:

From:    Your Website
Subject: Domain Notification: YOUR NAME This is your Final Notice of Domain Listing – YOURDOMAIN.COM
To:      YOU@YOURDOMAIN.COM
Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: YOURDOMAIN.COM
Call: 1-716-805-3253
ATT:
Domain Owner YOUR NAME
ADMINISTRATIVE CONTACT
-
YOU@YOURDOMAIN.COM
STREET ADDRESS OF ADMINISTRATIVE CONTACT
YOURDOMAIN.COM
Requested Reply Before
April 18,2017
PART I: REVIEW SOLICITATION
Attn: Domain Owner YOUR NAME

As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration.This letter is to inform you that it's time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission.

You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: WWW.YOURDOMAIN.COM will expire on April 18, 2017 Act today!

[ ] 1 year 04/18/2017 - 04/18/2018 $75.00
[ ] 2 year 04/18/2017 - 04/18/2019 $119.00
[ ] 5 year 04/18/2017 - 04/18/2022 $199.00
[ ] 10 year -Most Recommended- 04/18/2017 - 04/18/2027 $295.00
[ ] Lifetime (NEW!) Limited time offer - Best value! Lifetime $499.00

Payment by Credit Card or Check
Call our New York main office: (716)805-3253

 

If you read it closely, you’ll see that they’re asking you to register for “Domain name search engine registration”, an utterly meaningless “service”. Search engines like Google search the entire web. Automatically. For free!

The real gotcha comes after some dotted lines at the bottom of the email in what looks like standard legal boilerplate. I’ve highlighted the bits you may have overlooked:

---------------------------------------------------------------------
By accepting this offer, you agree not to hold DS liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DS 3501 Jack Northrop Ave. Suite #F9238 Hawthorne, CA 90250 USA, This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DS and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DS reply with Remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosur
And that’s where the message cuts off. At “disclosur”.

In short, the whole thing is a con. From a bunch of scumbags trying to make a fast buck out of the busy or unwary. Avoid!!


Watch out for this sneaky Gmail attack

Wordfence have highlighted a particularly sneaky Gmail phishing attack. Here’s what to look out for …

You receive an email – possibly from a friend or a legitimate contact – with an attachment, like this:

Although it looks genuine, it’s NOT a real attachment. It’s actually an embedded image crafted to look like a PDF, and when you click it, the embedded link in the image takes you to a fake Google login page …

… that also looks like the real thing. The only clue is in the browser’s address bar:

But that looks genuine too, doesn’t it? It says https://accounts.google.com, etc. The only oddity is that data:text/html preface. And that’s the gotcha. It’s actually what’s known as a ‘data URI’ and what it’s telling the browser is that what follows isn’t a web address but a string of text, in this case a particularly long one. After a lot of whitespace to push what follows off the screen, you’ll find this …

… the start of a script that opens in a new tab and creates a functional but fake Gmail login page. A page that sends your user name and password to the attacker.
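
As an added illustration (not code from Wordfence or from the original post), the example below parses an address the way a browser does and shows that the https://accounts.google.com text inside a data URI is page content, not the site being visited. The function name inspectAddress, the TRUSTED_LOGIN_HOSTS list and the SAMPLE string are assumptions constructed for this example.

```javascript
// Added example. SAMPLE is a constructed, harmless string, not the real payload.
// Assumption: the hosts you actually expect to sign in on.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

const SAMPLE =
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
  " ".repeat(200) + // padding that pushes the rest out of the address bar
  "<script>/* constructed placeholder */</script>";

// inspectAddress is a hypothetical helper name.
function inspectAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch {
    return { verdict: "unparseable", scheme: null, host: null, reasons: ["not a valid URL"] };
  }
  const scheme = url.protocol.replace(/:$/, "");
  const reasons = [];

  if (scheme === "data") {
    // Everything after the first comma is the document itself, not a location.
    const payload = address.slice(address.indexOf(",") + 1);
    reasons.push("data: URI, so there is no host and no TLS certificate");
    if (/https?:\/\/[a-z0-9.-]+/i.test(payload)) {
      reasons.push("payload contains a look-alike web address");
    }
    if (/(\s|%20){20,}/.test(payload)) {
      reasons.push("long whitespace run hides the rest of the payload");
    }
    if (/<script|%3Cscript/i.test(payload)) {
      reasons.push("payload contains a script tag");
    }
    return { verdict: "suspicious", scheme, host: null, reasons };
  }

  // Ordinary web address: the host the browser connects to is url.hostname.
  const host = url.hostname;
  if (scheme !== "https") reasons.push("not https");
  if (!TRUSTED_LOGIN_HOSTS.has(host)) reasons.push("host is not on the trusted list: " + host);
  return { verdict: reasons.length ? "untrusted" : "ok", scheme, host, reasons };
}

console.log(inspectAddress(SAMPLE));
```

The same check separates a real login address from a look-alike host such as accounts.google.com.example.test, because only the parsed hostname is compared, never the visible text.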

According to a comment on Hacker News,

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”
