Domain registration security advisory - phishing attempts

  • Wednesday, 28th October, 2015
  • 11:06am

It has come to our attention that since Oct 26, 2015, an unknown third party has been sending out emails to domain registrants claiming that their domain has been suspended due to an unspecified complaint. Please note that this is NOT a valid email from EntirelyDigital or any accredited registrar and is intended to dupe users into installing malicious software on their computer systems.

The email typically has a subject in the format "Domain DOMAINNAME.COM Suspension Notice" and has the following elements that can be used to identify it as fraudulent:
1.  The email is from a domain "enom.com.org" or "tucows.com.org". The correct domains for the two registrars are "enom.com" and "tucows.com"; the additional ".org" is not valid.
2.  The email contains little specific information regarding any complaint, but includes a link for "Click here and download", which leads to a non-authoritative URL, page or PDF. Clicking on the link prompts users to allow a file with a ".scr" extension (or other malicious file) to run on their computer.
3.  The email displays a hotline phone number starting with the area code 480. This is not a valid hotline phone number.
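
For mail administrators who want to flag these messages automatically, the three elements above can be checked in a mail filter. The following is an added example, not code from EntirelyDigital or either registrar; the function names, indicator labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAINS = ("enom.com", "tucows.com")  # registrar domains named in the advisory
SUBJECT_RE = re.compile(r"^Domain \S+ Suspension Notice$", re.I)
HOTLINE_RE = re.compile(r"Hotline:\s*\(?480\)?[\s.-]", re.I)
LURE_RE = re.compile(r"click here and download|\.scr\b", re.I)

def is_lookalike(domain):
    """True when a registrar domain is followed by extra labels, e.g. enom.com.org."""
    domain = domain.lower().rstrip(".")
    for legit in LEGIT_DOMAINS:
        if domain == legit or domain.endswith("." + legit):
            return False  # the real domain or one of its subdomains
    return any(re.search(r"(^|\.)" + re.escape(d) + r"\.", domain) for d in LEGIT_DOMAINS)

def body_text(msg):
    """Concatenate the decoded text/* parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    return "\n".join(chunks)

def advisory_indicators(raw_email):
    """Return the advisory's indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    checks = [
        ("lookalike-sender", is_lookalike(sender)),
        ("suspension-subject", bool(SUBJECT_RE.match(msg.get("Subject", "").strip()))),
        ("download-lure", bool(LURE_RE.search(text))),
        ("480-hotline", bool(HOTLINE_RE.search(text))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample messages (not real mail); 555-0100 is a placeholder number.
PHISH = ('From: "ENOM, INC." <abuse@enom.com.org>\n'
         "Subject: Domain EXAMPLE.COM Suspension Notice\n\n"
         "Click here and download a copy of complaints we have received.\n"
         "Abuse Department Hotline: 480-555-0100\n")
LEGIT = ("From: support@enom.com\nSubject: Renewal reminder for EXAMPLE.COM\n\n"
         "Your domain is due for renewal next month.\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, advisory_indicators(raw))
```

The sender check rejects only domains where a registrar name is followed by extra labels, so genuine subdomains such as mail.enom.com are not flagged.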

A sample copy of the email is shown below for your reference.

Please delete these emails immediately, as clicking on the link and running the associated file will install malicious software onto your computer. If you have already received an email and have clicked on the link, please take the appropriate steps to have your computer scanned and cleaned for viruses or trojans. While we wanted to advise you of the above threat, unfortunately EntirelyDigital will not be able to assist you with restoring your workstation: this is a phishing / security threat that is not directly related to our domain registration services with you, and assisting with hardware / operating system issues is outside our skill set.

We have scanned our internal servers and none of our services are affected.  The emails have originated from outside our network and the malicious threat is only enabled by user action (i.e. clicking on the link).

Should you have any questions, please don't hesitate to contact us.
 
-----

Dear Sir/Madam,

The following domain names have been suspended for violation of the ENOM, INC. Abuse Policy:

Domain Name: ERICSARTISTICCREATIONS.COM
Registrar: ENOM, INC.
Registrant Name: ROMEO MARRA

Multiple warnings were sent by ENOM, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
ENOM, INC.
Spam and Abuse Department
Abuse Department Hotline: 480-523-2157
