There is a new phishing email doing the rounds, masquerading as a Godaddy email. I received it this morning and have since notified Godaddy.

There are a few things that are interesting about this email:

1.It uses the actual Godaddy graphics on the Godaddy web server, so it looks real.

2. In the body of the message it says “Dear <your email address”.

3. It was sent to an email address on my server that doesn’t exist (normally I’d throw away those “catch all” emails, but not in this case).

4. The fake email was (spoofed) from sales at godaddy.com with a subject of “GoDaddy.com Order Confirmation”. So if you have a lot of automatic email rules that archive off these types of notices, it may find its way into your inbox, and you may never notice it.

5. FYI: The links go through to “dextersss-com-ua.1gb.ua/zzx.htm” – the webserver is live, but the site is currently producing a 404.

6. For the techo’s, SpamAssassin gave it a score of 17.223.

I only initially picked up on it because I didn’t recall ordering 300 .INFO domains. If that had of arrived during a bulk ordering process, I may have not noticed.

Given the fact it’s a bulk registration. Could this be a targetted email especially for domain investors? The average person isn’t going to register 300 domains! Of course, the other side of that thought process is that phishing emails are designed to be “clicked on”, so if a member of public sees it, they will probably freak out first, click it and then inadvertently hand over their credentials (login id and password).

What do you think? Have you received this email?

I received this unsolicited commercial email asking me to renew a domain that I’d already renewed!

The company wanted $79.95 to renew a .com domain name! Of course, I had already renewed it for less than 10% of that price – with my REAL registrar.

Companies like this provide me with a constant source of entertainment. On their website under “How does it work?” you will find Step #2 in their instructions. It reads:

“We interact with your Internet Service Provider/ ISP to renew your domain name. In cases your ISP requires your login information we will contact you by mail and you will have to provide us with login information so we can preform a renewal.”

Ohhh… so I send you my credentials! Oh that makes sense…. here are mine for Network Solutions.

ID: newbiescammer

Password: latvia-ownz-my-domains

Please renew all my domains for me as they will expire soon. Wow…. that should take care of my portfolio. Now, back to outbidding Halvarez….

First eNom, now Network Solutions. I had various reports of the NetSol phishing email, so it was only a matter of time before I started to get them. Amongst the phishing emails was a legit one from Network Solutions themselves.

I’d question their strategy of sending an email response to a phishing email, given that e-mail as a communications channel is not trusted by many consumers. For those that don’t know how to distinguish between the fake email and the real one, I have posted both of them below.

Here is a phishing tip that will save your bacon: Don’t click on links in emails! Use your browser and type in the address that you know manually. If you are one of the (un)lucky ones who has logged into your Network Solutions account recently after clicking on a link from the phishing email below, then you need to change your password AND your security question. Oh… and hope that your domains haven’t been transferred to Siberia.

— this is the evil phishing email —

Return-Path: <laav...@bobrea.plus.com>
From: “networksolutions.com” <supp...@networksolutions.com>
Subject: Inaccurate whois information.
Date: Thu, 30 Oct 2008 22:03:17 -0500

Dear Network Solutions® Customer,

On Thu, 30 Oct 2008 22:03:17 -0500 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

1. Log in to Account Manager at: http://www.networksolutions.com.sys67.biz.
2. Click on the “Profile & Accounts” tab in the left navigation menu to be taken to a page listing your account details.
3. Click on “Accounts” and select the account you wish to edit.
4. Click “View/Edit WHOIS Contacts” to make your updates.

If you believe someone requested this change without your consent, please contact Customer Service.

If you would like to order additional services or to update your account, please visit us online.

Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.

Sincerely,

Network Solutions® Customer Support

— ends —

— this is the real Network Solutions email —

From: “Network Solutions”

Subject: Important: Phishing and Security

Dear Valued Network Solutions(R) Customer:

We’ve recently become aware of a phishing scam targeting domain name customers of a small number of registrars including Network Solutions(R). We wanted to alert you of this situation. Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using an authentic-looking e-mail in an attempt to steal passwords, account information or other sensitive data.

At this time, we know that fraudulent e-mails are being sent to some domain name customers, regardless who the registrar of record is, which include links to sites that look like networksolutions.com or other domain provider sites; however they are fake Web sites. These e-mails are attempting to capture login information. For more information and tips on identifying phishing scams, please visit our blog at www.blog.networksolutions.com/.

If you believe you have received an e-mail of this type, have clicked on the link, and provided your login information, we recommend the following for security purposes:

1. Log in to your account from the Network Solutions Web site.
2. Review your account information for accuracy
3. Choose a new password security question and answer
4. Change your password

Thank you for your attention to this message.

Sincerely,
Network Solutions(R) Customer Support

*****************************************************

This e-mail was sent from a notification-only address. Please do not reply to this message. For Network Solutions customer service inquiries, please visit: http://www.networksolutions.com/help/index.jsp

Please note, in accordance with our Privacy Policy, we will continue to send you notices and other important information affecting your account or services in order to fulfill our service obligations to you.

Access our Privacy Policy: customersupport.networksolutions.com/article.php?id=3D306

Access our Service Agreement:

http://www.networksolutions.com/legal/static-service-agreement.jsp

(c) 2008 Network Solutions, LLC. All rights reserved. Network Solutions, 13861 Sunrise Valley Drive, Dept ACQM, Herndon, VA 20171

— ends —

Today I received a phishing email masquerading as eNom. While the from address is supp...@enom.com, the return address is actually a...@bobjanes.com.

The domain name that the phishing email diverts to is com62.biz – I have provided the whois details below.

——————————————————

From: “eNomCentral Support” <support@enom.com>

Subject: Inaccurate whois information.

Dear user,

On Wed, 29 Oct 2008 00:13:32 +0300 we received a third party complaint of  invalid domain contact information in the Whois database for this domain  Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid  or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Wed, 29 Oct 2008 00:13:32 +0300 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com.com62.biz

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION – http://www.enom.com.com62.biz

Thank you,
Domain Services

[IncidentID:33499]

——————————————————

Domain Name      COM62.BIZ
Domain ID     D27867299-BIZ
Sponsoring Registrar     ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Sponsoring Registrar IANA ID     82
Domain Status     clientTransferProhibited
Registrant ID     OLNI_175212_0_1
Registrant Name     Shestakov Yuriy
Registrant Organization     Shestakov Yuriy
Registrant Address1     Lenina 21 16
Registrant City     Mirniy
Registrant State/Province     MSK
Registrant Postal Code     102422
Registrant Country     Russian Federation
Registrant Country Code     RU
Registrant Phone Number     +7.9218839910
Registrant Facsimile Number     +7.9218839910
Registrant Email     alex...@safe-mail.net
Administrative Contact ID     OLNI_175212_1_1
Administrative Contact Name     Shestakov Yuriy
Administrative Contact Organization     Shestakov Yuriy
Administrative Contact Address1     Lenina 21 16
Administrative Contact City     Mirniy
Administrative Contact State/Province     MSK
Administrative Contact Postal Code     102422
Administrative Contact Country     Russian Federation
Administrative Contact Country Code     RU
Administrative Contact Phone Number     +7.9218839910
Administrative Contact Facsimile Number     +7.9218839910
Administrative Contact Email     alex...@safe-mail.net
Billing Contact ID     OLNI_175212_3_1
Billing Contact Name     Shestakov Yuriy
Billing Contact Organization     Shestakov Yuriy
Billing Contact Address1     Lenina 21 16
Billing Contact City     Mirniy
Billing Contact State/Province     MSK
Billing Contact Postal Code     102422
Billing Contact Country     Russian Federation
Billing Contact Country Code     RU
Billing Contact Phone Number     +7.9218839910
Billing Contact Facsimile Number     +7.9218839910
Billing Contact Email     alex...@safe-mail.net
Technical Contact ID     OLNI_175212_2_1
Technical Contact Name     Shestakov Yuriy
Technical Contact Organization     Shestakov Yuriy
Technical Contact Address1     Lenina 21 16
Technical Contact City     Mirniy
Technical Contact State/Province     MSK
Technical Contact Postal Code     102422
Technical Contact Country     Russian Federation
Technical Contact Country Code     RU
Technical Contact Phone Number     +7.9218839910
Technical Contact Facsimile Number     +7.9218839910
Technical Contact Email     alex...@safe-mail.net
Name Server     NS1.XWHLWWW.COM
Name Server     NS2.XWHLWWW.COM
Name Server     NS3.XWHLWWW.COM
Name Server     NS4.XWHLWWW.COM
Name Server     NS5.XWHLWWW.COM
Created by Registrar     ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Last Updated by Registrar     ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Domain Registration Date     Mon Oct 27 00:45:13 GMT 2008
Domain Expiration Date     Mon Oct 26 23:59:59 GMT 2009
Domain Last Updated Date     Mon Oct 27 06:04:52 GMT 2008