So, you’re probably all familiar with the concept of hackers and identity thieves trying to steal your bank account details, your eBay login details or even passwords for your online games, but what about criminals trying to steal the login for your domain registration service?
The discovery of this new form of phishing attack, documented on the SophosLabs blog by my colleague Savio Lau, has generated some interest in the media with the likes of Dark Reading and ZDNet commenting on it.
Owners of legitimate website domains may be at risk if they receive emails like the following, which claim to come from domain registration services such as Network Solutions or eNom:
In the case of the Network Solutions phishing email, part of the message body reads as follows:
We recently notified you that the registration period for your Network Solutions domain name has expired. As a benefit of having previously registered a domain name(s) with Network Solutions, you are eligible to receive a percentage of the net proceeds that were generated from the renewal and transfer of the domain name you chose not to renew. Since you have chosen not to renew the domain name listed below during the applicable grace period, we were successful in securing a backorder for this domain name on your behalf and it has been transferred to another party in accordance with the Service Agreement.
The other domain name registrar targeted by a similar attack, eNom, has taken the laudable step of warning its customers of the phishing campaign by displaying a warning on the front page of its website:
What is most fascinating perhaps about these phishing campaigns is their timing. They appear to have appeared simultaneously with the increasingly hot water that domain registrar EstDomains has found itself in, as allegations spiral that the company has been too friendly to cybercriminals. The ICANN (Internet Corporation for Assigned Names and Numbers) notified EstDomains earlier this week that it was intending to terminate its status as a domain registrar.
If the computer underground feels that EstDomains won’t be a safe harbour for its websites any longer, could they be looking to steal domain registration accounts from innocent parties?
ICANN’s records indicate that EstDomains has approximately 281,000 domain names under its management.
If you do believe you may have mistakenly fallen for one of these scams and handed over your account details to scammers, be sure to attempt to log into your account as soon as possible and immediately change your login details. You should also contact your domain registration company immediately and inform them of the security breach.