Phishing fraud emails target domain name owners

By on
Phishing fraud emails target domain name owners

Domain name owners are the target of a sophisticated scam disclosed by the US SANS Internet Storm Center late last week.

According to a report received by the nonprofit organisation, scammers initially sent victims an email with an offer to purchase a domain name.

Recipients were then directed to what appeared to be a forum discussion page addressing the most reliable appraisal services for domain names, according to SANS researcher Lenny Zeltser.

The bogus email read, "Of course we must be sure that you are engaging a reputable appraisal company. I heard many appraisal companies often made inaccurate appraisals. I will only accept appraisals from independent sources I trust," and then links recipients to a forum page.

After fake forum inquiries are made about appraisal services, a user named "NameSeller" corresponded with other users, and a consensus was reached naming securenamesale[dot]com as the winner, according to the Saturday SANS post.

Securenamesale[dot]com is likely not a legitimate service, according to Zeltser’s citations of victim reaction on public forums. The website sells domain appraisal software for US$99, he said.

Scams targeting the owners of domain names are nothing new.

In February 2001, the Federal Trade Commission (FTC) asked a US District Court to halt a scam duping consumers into registering variations of existing domain names. The FTC estimated that at least 27,000 website owners were victims of that scam.

Web-based fraud cases cost consumers about US$200 million during 2006, according to just-released statistics from the FBI.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com that this scam could be considered spear phishing.

"The fact that someone is effectively trolling for someone else who would sell his or her domain name is a form of phishing," he said. "And then when you go to a particular domain name to find out that it’s a static web page, it’s basically a form of false advertising or fraud."

O’Brien added that the primary motivation of the fraudster was to take US$99 payments while knowing the domain name won’t be sold, although other motives are possible.
Tags:
domain emails fraud name owners phishing security target

Most Read Articles

Westpac finally moves to re-architect IT for NPP

Westpac finally moves to re-architect IT for NPP
Optus fibre cable cut in Melbourne

Optus fibre cable cut in Melbourne
Equifax's top tech execs leave 'effective immediately'

Equifax's top tech execs leave 'effective immediately'
NBN Co targets in-home wiring faults

NBN Co targets in-home wiring faults
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education

Events

Log In

Username:
Password:
|  Forgot your password?