Phishing fraud emails target domain name owners

By

Domain name owners are the target of a sophisticated scam disclosed by the US SANS Internet Storm Center late last week.

Phishing fraud emails target domain name owners
According to a report received by the nonprofit organisation, scammers initially sent victims an email with an offer to purchase a domain name.

Recipients were then directed to what appeared to be a forum discussion page addressing the most reliable appraisal services for domain names, according to SANS researcher Lenny Zeltser.

The bogus email read, "Of course we must be sure that you are engaging a reputable appraisal company. I heard many appraisal companies often made inaccurate appraisals. I will only accept appraisals from independent sources I trust," and then links recipients to a forum page.

After fake forum inquiries are made about appraisal services, a user named "NameSeller" corresponded with other users, and a consensus was reached naming securenamesale[dot]com as the winner, according to the Saturday SANS post.

Securenamesale[dot]com is likely not a legitimate service, according to Zeltser’s citations of victim reaction on public forums. The website sells domain appraisal software for US$99, he said.

Scams targeting the owners of domain names are nothing new.

In February 2001, the Federal Trade Commission (FTC) asked a US District Court to halt a scam duping consumers into registering variations of existing domain names. The FTC estimated that at least 27,000 website owners were victims of that scam.

Web-based fraud cases cost consumers about US$200 million during 2006, according to just-released statistics from the FBI.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com that this scam could be considered spear phishing.

"The fact that someone is effectively trolling for someone else who would sell his or her domain name is a form of phishing," he said. "And then when you go to a particular domain name to find out that it’s a static web page, it’s basically a form of false advertising or fraud."

O’Brien added that the primary motivation of the fraudster was to take US$99 payments while knowing the domain name won’t be sold, although other motives are possible.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
domainemailsfraudnameownersphishingsecuritytarget

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?