
The Domain Reminder "Scam"

Introduction

You may know that I often follow up on scam emails in order to investigate the true motive behind them. Here I would like to outline a scam which looks fairly passive, but which tricks the user through its careful choice of wording.

The Scam

First, the scamming company searches DNS records to locate a domain which is close to expiring, and obtains the email address of the registered contact.

Next they draft an official-looking email which appears to know lots of details about the domain and the account holder, and which warns them about a domain which is expiring:



But the wording is strange here, and there is nothing illegal in what they are offering. On a quick read, the email seems to be warning you that your domain is expiring on 28 June 2017 and will be cancelled. But read it more closely ... it is their offer of SEO registration that will be cancelled on 28 June 2017! This is the same date on which the domain is actually due to expire, so they seem to be trying to trick the user into thinking that they need to pay for this service in order not to lose their domain.

Searching my emails, I see many messages like this, each triggered by a domain expiring, and each sent from a different company email address:



Once you click, you are led to the payment page (which has probably been designed to mimic the GoDaddy colours):



The Registration

The company is registered to:

1000 Fifth Street Suite 200 – G9 MIAMI BEACH, FL 33139
 
For the payment they create a new sub-domain on one of their sites and pass the domain name and expiry date as parameters in the URL:

"httpz:www.profsimscom.shippropertyg.org/?d=profsims.com&p=07-10-2017

For this they have created a subdomain of shippropertyg.org, and when we do a Whois on that domain, we trace it to China:

$ whois shippropertyg.org
Domain Name: SHIPPROPERTYG.ORG
Registry Domain ID: D402200000002595912-LROR
Registrar WHOIS Server:
Registrar URL: http://www.55hl.com
Updated Date: 2017-06-02T01:54:13Z
Creation Date: 2017-06-01T23:27:43Z
Registry Expiry Date: 2018-06-01T23:27:43Z
Registrar Registration Expiration Date:
Registrar: Jiangsu Bangning Science and technology Co. Ltd.
Registrar IANA ID: 1469
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registry Registrant ID: C193737765-LROR
Registrant Name: BingWang
Registrant Organization: Wang Bing
Registrant Street: Cui Xiang Jie Dao 1256Hao
Registrant City: Zhu Hai
Registrant State/Province: Guang Dong
Registrant Postal Code: 519000
Registrant Country: CN
Registrant Phone: +86.075620696654
Registrant Phone Ext:
Registrant Fax: +86.075620696654
Registrant Fax Ext:
Registrant Email: wynne112@mail.com
Registry Admin ID: C193737766-LROR
Admin Name: BingWang
Admin Organization:
Admin Street: Cui Xiang Jie Dao 1256Hao
Admin City: Zhu Hai
Admin State/Province: Guang Dong
Admin Postal Code: 519000
Admin Country: CN
Admin Phone: +86.075620696654
Admin Phone Ext:
Admin Fax: +86.075620696654
Admin Fax Ext:
Admin Email: wynne112@mail.com
Registry Tech ID: C193737767-LROR
Tech Name: BingWang
Tech Organization:
Tech Street: Cui Xiang Jie Dao 1256Hao
Tech City: Zhu Hai
Tech State/Province: Guang Dong
Tech Postal Code: 519000
Tech Country: CN
Tech Phone: +86.075620696654
Tech Phone Ext:
Tech Fax: +86.075620696654
Tech Fax Ext:
Tech Email: wynne112@mail.com
Name Server: F1G1NS1.DNSPOD.NET
Name Server: F1G1NS2.DNSPOD.NET
DNSSEC: unsigned

All of the links I see point to sites which are registered in China and other non-US countries, so one must wonder about the Miami registration of the company. Other sites include "londoneseo.org":

"httz://www.cloud4informationcom.londoneseo.org%?d=cloud4information.com&p=06-29-2017
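The two lure URLs above and the Whois record share a recognisable shape: the victim's own domain name, with the dots removed, appears as a subdomain of a freshly registered and unrelated domain, the real domain name and expiry date are carried in the query string, and the page is plain HTTP. The following script is an added example (not from the original post) which automates that triage: it re-fangs the defanged URLs quoted above, pulls out the `d=` and `p=` parameters, and compares the claimed deadline against the creation date in the Whois text. The Whois excerpt and the URLs are constructed from the figures quoted in the post; the 90-day "young domain" threshold and the finding texts are my own choices.

```python
"""Triage a domain-expiry lure URL against the Whois record of the host it points at.

Added example, not code from the original post. Sample inputs are constructed
from the URLs and Whois fields quoted in the post.
"""
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed excerpt of the Whois output shown in the post (only the fields used here).
WHOIS_TEXT = """\
Domain Name: SHIPPROPERTYG.ORG
Creation Date: 2017-06-01T23:27:43Z
Registry Expiry Date: 2018-06-01T23:27:43Z
Registrar: Jiangsu Bangning Science and technology Co. Ltd.
Registrant Country: CN
Name Server: F1G1NS1.DNSPOD.NET
DNSSEC: unsigned
"""

# The two lure URLs exactly as the post defangs them (leading quote, httpz:, %?).
LURE_URLS = [
    '"httpz:www.profsimscom.shippropertyg.org/?d=profsims.com&p=07-10-2017',
    '"httz://www.cloud4informationcom.londoneseo.org%?d=cloud4information.com&p=06-29-2017',
]

# Assumed threshold: a payment domain registered within this many days of the
# claimed deadline is treated as set up for the campaign.
YOUNG_DOMAIN_DAYS = 90


def parse_whois(text):
    """Turn 'Key: value' Whois lines into a dict; blank values and repeats are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and key.strip() not in fields:
            fields[key.strip()] = value.strip()
    return fields


def refang(url):
    """Undo the post's defanging: strip the stray quote and '%', rebuild the scheme."""
    url = url.strip().strip('"').replace("%?", "?")
    m = re.match(r"([A-Za-z]+):/*", url)
    if not m:
        return "http://" + url
    # 'httpz', 'httz', 'hxxp' all map to http; only an 's' after 'htt' means https
    scheme = "https" if "s" in m.group(1).lower()[3:] else "http"
    return scheme + "://" + url[m.end():]


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); enough for the .org/.com hosts in the post."""
    return ".".join(host.split(".")[-2:])


def analyse_lure(raw_url, whois_text=WHOIS_TEXT):
    """Return the parsed host/target/deadline and a list of human-readable findings."""
    parts = urlsplit(refang(raw_url))
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)
    target = query.get("d", [""])[0].lower()
    deadline_str = query.get("p", [""])[0]
    findings = []

    if parts.scheme != "https":
        findings.append("payment page is plain HTTP: card details would travel unencrypted")
    if not target or not deadline_str:
        findings.append("URL lacks the d=/p= parameters the campaign uses")

    deadline = None
    try:
        deadline = datetime.strptime(deadline_str, "%m-%d-%Y")  # US month-day-year
    except ValueError:
        findings.append("p= is not a MM-DD-YYYY date")

    # Victim domain with dots removed used as a label of an unrelated host
    if target and target.replace(".", "") in host.split("."):
        findings.append(f"target domain {target!r} is embedded as a subdomain of {registrable_domain(host)}")
    if target and registrable_domain(host) != target:
        findings.append(f"payment host {host} is unrelated to {target}")

    whois = parse_whois(whois_text)
    if whois.get("Domain Name", "").lower() == registrable_domain(host):
        created = datetime.strptime(whois["Creation Date"], "%Y-%m-%dT%H:%M:%SZ")
        if deadline is not None:
            age = (deadline - created).days
            if age < YOUNG_DOMAIN_DAYS:
                findings.append(f"payment domain registered only {age} days before the claimed deadline")
        country = whois.get("Registrant Country")
        if country and country != "US":
            findings.append(f"payment domain registrant country is {country}, not the US address on the invoice")

    return {"host": host, "target": target, "deadline": deadline, "findings": findings}


if __name__ == "__main__":
    for url in LURE_URLS:
        report = analyse_lure(url)
        print(f"{report['host']} (claims {report['target']} expires {report['deadline']:%Y-%m-%d})")
        for finding in report["findings"]:
            print("  -", finding)
```

Running it on the first URL reports five findings, including that shippropertyg.org was created only 38 days before the 10 July deadline in the link; the second URL gets the structural findings but no Whois findings, because the embedded record is for shippropertyg.org rather than londoneseo.org. In practice you would feed the output of `whois` for each payment host into `analyse_lure` instead of the embedded excerpt.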

The Payment

There is an additional risk when we do click through to the payment: there is no SSL connection for the actual entry of the card details:



Even though the page says that SSL is used ... it is not! Users should never enter payment details without seeing a green padlock and HTTPS in the address bar:



At the bottom of the page the user is tricked into thinking that everything is secure:


but it is not using SSL, and security.fhtpay.com doesn't even exist!

Conclusions

There are many risks in this scam, especially in the way they put pressure on you to pay for something that looks official. The advice from GoDaddy is:




Introduction So did George Orwell actually predict the future of the Cyber Age with his 1984 book? In his book, George projected a state which observed its citizens, and where there was no hiding place. He could see a time of TVs on the wall which could talk to you, and for the citizens to be watched for everything that they did. Perhaps he could see a world where our Cloud Service providers ... Google .. Facebook ... and so on ... continually monitoring our activities? Obviously, in 1948, when he published it, the use of technology was not quite developed as it is now, but  perhaps we need to examine our current move towards the observation of crime through technologies such as face recognition. On the back of Internet records in the UK being monitored without a warrant, we now see that citizens may not be free from observation when they attend even something like a football match. Monitoring faces A number of police forces in the UK have been trying face recognitio...