Loading

Phishing Alert : Please watch for emails like this

by Shashi Bellamkonda on November 1, 2008

Subscribe




We have been receiving reports that some customers are receiving spam/phishing emails that are fraudulent. There are reports that customers of other registrars are also receiving similar spam/phishing emails. The email we have seen has the subject line “Attention: domain will be expired soon.” There is a link the email that says “‘Renew your domain now and while it shows  http://www.networksolutions.com it actually goes to http://www.networksolutions.com.com42.asia>  now look closer , the link actually goes to the domain “com42.asia “. There are other domains and subject lines that are being used.

Please delete the email if it is suspicious. 

We want you to know that we are taking every possible measure to protect our Customers from this attack and mitigate its impact. We are working very closely with the Registries as well as ISPs to detect any new domains from which these attacks are coming and shut them down.

See image below as an example.

image

( You can click on the image to make it larger)

Please take precautions, when you click on any link in an email.  Also please make sure you check the top address bar of your browser before entering any information. A genuine network solutions page should look like this in the browser https://www.networksolutions.com/manage-it/index.jsp, the important part of this URL is that after the https://www.networksolutions.com/ there should not be any additional .com in the URL. Note that the link in the screenshot above has two .coms in the URL. You can also scroll over the link with your mouse and see where the link leads to in the status bar at the bottom of your browser.

If you believe you have received an e-mail of this type and have clicked on the link, and provided your login information, we recommend the following for security purposes:

  • login to your account
  • review your account information for accuracy
  • choose a new password security question and answer
  • change your password

If you believe any of your account information has been altered, please contact customer service immediately at: 1-800-333-7680

If you have questions, advice or ideas please feel free to leave a comment here on this blog. Here are some other  resources for learning more about Phishing :

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

http://www.antiphishing.org/consumer_recs.html

http://www.businesswritinginfo.com/?p=302

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://www.commoncraft.com/phishing

Posts explaining and cautioning people:

http://www.sophos.com/security/blog/2008/10/1901.html?_log_from=rss

http://garwarner.blogspot.com/2008/10/first-enom-phish-now- network-solutions.html

http://www.domainnamenews.com/miscellaneous/network-solutions-proactive-in-fighting-recent-phishing-attack/3046

http://www.sophos.com/blogs/gc/g/2008/10/31/network-solutions-and-enom-targeted-by-phishing-attack/

http://www.circleid.com/posts/20081030_domain_slammers_go_phishing/

http://www.google.com/tools/firefox/safebrowsing/faq.html#q4

http://www.pcmech.com/article/fake-network-solutions-email-phishing-scam/

Find us on Facebook and follow us on Twitter for more posts like this!

Brought to you by Network Solutions®, a Web.com® service.

Related Posts

    • http://dkaiwilson.com Kaiberie

      I got a different one that said this:
      Dear Network Solutions® Customer,

      On Fri, 31 Oct 2008 08:35:18 +0100 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

      And went to sys55 dot biz in the url. I've forwarded it to spoof@networksolutions, in case it could help and can send it anywhere else :)

      Thanks again, and have retweeted this after mentioning it this morning to my twitterists.

    • Shashib

      Thanks Kaiberie,

      We are proactively working with the community and other organizations to help mitigate the issue.

      Shashi

    • TK

      We received the same Email as Juanse. Is that Email part of the Phishiing scam?

    • http://thetruckcam.com jeffhibbard

      Hi Shashi,
      Thanks for the heads up. I got one that says “Your whois information is innacurate”. But I got your email first :)
      Thanks for being on top things!
      Jeff

    • http://subwayknitter.com colleen

      I received the same email. Coincidentally, I had updated my contact information yesterday, so I had to read through the email before dismissing it as junk.

      Curiously, the phishers know to email me at the email address associated with my domain, but that's not the email I have listed as my contact w/Network Solutions.

    • Shashib

      Hi Colleen,

      I would still change your password just to be safe. We are proactively taking steps to spread the word and help protect our customers.

      Shashi

    • Shashib

      Thanks Jeff

    • doug

      I received several versions of the fake Network Solutions email – I clicked on the bogus link – it took me to a Google/Dell site – I gave no information – do I need to be concerned?

    • rw

      You are encouraging this Phishing scam by the email that you sent today to the domain admins:
      (1) your email has clickable links in it, which encourages such social engineering;
      (2) your email has a “From:” header indicating that it is from “NetworkSolutions@info1.networksolutions.com”, but the sending MTA that sends the email out (IP 64.14.81.242, with reverse DNS and SMTP EHLO of “netsol.outbound.ed10.com”) is not from that domain, and a “whois” of “ed10.com” shows that it is not registered to Network Solutions, but instead that the registrant is:
      E-DIALOG
      131 Hartwell Ave.
      LEXINGTON, MA 02421

      Shame. You don't care about protecting people from phishing scams; you just want to cover your ***.

    • Kristine Kurey

      I've received an email from NetworkSolutions@info1.networksolutions.com with the Subject line: Action Required: Important Account Information. Wants me to review your WHOIS information. Is this another phishing message?

    • Michael

      Why don't you provide SPF records like the banks do?
      At least we then can then filter out the phishing messages.

    • Darla

      @Juanse – I received that one too:

      from info@enom.com links go to: http://www.enom.com.sys43.ru/
      Dear user,

      On Sat, 1 Nov 2008 13:55:35 +0200 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

      The contact information for the domain which displayed in the Whois database was indeed invalid. On Sat, 1 Nov 2008 13:55:35 +0200 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

      PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com

      If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

      Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

      LINK TO CHANGE INFORMATION – http://www.enom.com

      Thank you,
      Domain Services

      [IncidentID:12397]
      http://www.enom.com.sys43.ru/

    • jane

      I also have received 2 emails like this below – is this another example? also recieved the network solutions one as well.

      Dear user,

      On Sun, 2 Nov 2008 19:39:49 +0300 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

      The contact information for the domain which displayed in the Whois database was indeed invalid. On Sun, 2 Nov 2008 19:39:49 +0300 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

      PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com

      If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

      Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

      LINK TO CHANGE INFORMATION – http://www.enom.com

      Thank you,
      Domain Services

    • Pingback: Two Domain Registrar Scam Emails | Dave Zan's Domain Name Blog

    • http://davezan.com David

      It's indeed another phishing email, Jane. Domain registrar eNom posted about it on their enom.com site.

    • R. Treasure

      Anyone can tell me what LDAP mean – when i type in my website i get that information. What should i do?

    • Pingback: Domain Registrar Phishing Scam Update | Dave Zan's Domain Name Blog

    • http://www.conexionesempresariales.com alejandro rodriguez

      como y donde cambio las claves y usuarios de mi dominio

    • http://www.lipoaspiracao.org Lipo

      I finally got an email from a credit card company warning about security breach that wasn't phishing. After calling the number on my statement, it turned out there had been an attempted security breach. I have always routinely discarded every email as phish thinking that they were all bogus, but something about this one seemed real. I'm glad I called and now I am going to check on the ones that come from companies that I actually do business with, just to be on the safe side.

    • emptydreamer

      i think that phishing is dumb.
      go to my site if you have piczo!
      http://www.emptydreamer.piczo.com
      it has codes

    • http://www.hsbcusa.com/security/recognize_fraud.html OnlineSafetyTeam

      Funky domain names always give fraudulent emails away. When you hover over a link you can usually see in the bottom left hand corner of your browser where it's going to take you. A good way to double check.

    • http://www.hsbcusa.com/security/recognize_fraud.html OnlineSafetyTeam

      Funky domain names always give fraudulent emails away. When you hover over a link you can usually see in the bottom left hand corner of your browser where it's going to take you. A good way to double check.