Aggressive Phishing Scam Targets Domain Owners


by NewsEditor_ on October 29th, 2015 in Industry and Security News.

A new phishing campaign is targeting the owners of internet domains in an attempt to spread malware. The emails are presented as a notice of domain suspension, claiming that the user’s domain (registered website address) has received several complaints and that service is being suspended. Help Net Security reports that the emails contain “the valid domain registration and the recipient's full name, which the attackers must have harvested online, via the whois query. The sender's email address is also spoofed to make it look like the sender is the domain registrar.” Whois is a protocol used to look up the owners of an internet resource such as a website domain. Using publicly available information to target users is a form of social engineering: psychologically manipulating people into performing actions or providing sensitive information by gaining their confidence.

In this campaign, the perpetrators are utilizing publicly available domain registration details to target users and gain their trust. The emails also appear to originate from a valid domain registration company with which users have already communicated, as the emails utilize a spoofed (fake) email address to appear legitimate. Hoax-Slayer reports that these messages are attempting to spread malware through an attachment: “The messages advise you to click a link to download a copy of complaints received…If you open this file in the hope of viewing the supposed complaints, the malware will be installed.” 

A number of domain registrars have announced this scam to their user base, including companies located in Australia, the United States and India, as well as Google Domains. The subject line of the emails typically takes the form “Subject: [Domain name] Suspension Notice”, but as news of this campaign spreads the methodology will probably be amended to trick more users. The emails bear the hallmarks of classic phishing tactics, including the implication of urgency, as they claim that “Multiple warnings were sent by [name of Registration Company].” The perpetrators have done a better job than most of posing as a trustworthy entity to coerce users into downloading their malware. The geographic scope and attention to detail in these phishing emails suggest a widespread, coordinated campaign.
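A mail-triage check for the lure described above, added here as an example and not taken from the article or from any registrar. The domain names, header values and function names are constructed assumptions; only the subject form comes from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject form reported on this page: "[Domain name] Suspension Notice"
SUBJECT_RE = re.compile(r"^\s*(?P<domain>[a-z0-9.-]+\.[a-z]{2,})\s+suspension notice\s*$", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message, owned_domains, registrar_domains):
    """Return the reasons a message resembles the suspension-notice lure."""
    msg = message_from_string(raw_message)
    reasons = []
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if m and m.group("domain").lower() in owned_domains:
        reasons.append("subject names an owned domain in 'Suspension Notice' form")
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    aligned = rp_dom == from_dom or rp_dom.endswith("." + from_dom)
    if from_dom in registrar_domains and rp_dom and not aligned:
        reasons.append("From claims the registrar but Return-Path is another domain")
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if from_dom in registrar_domains and re.search(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", auth):
        reasons.append("sender authentication did not pass")
    return reasons

# Constructed sample data (hypothetical domains and headers, not real traffic)
OWNED = {"example.com"}
REGISTRARS = {"registrar.example"}
SAMPLE_LURE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
From: "Registrar Support" <abuse@registrar.example>
To: owner@example.com
Subject: example.com Suspension Notice

Constructed body.
"""
SAMPLE_LEGIT = """\
Return-Path: <bounces@mail.registrar.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail.registrar.example; dkim=pass
From: billing@registrar.example
To: owner@example.com
Subject: Your renewal receipt

Constructed body.
"""
```

The Return-Path and Authentication-Results checks are heuristics that depend on the receiving mail server recording those headers; treat a hit as a reason to quarantine and review, not as proof.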
