If you are the registered owner of a domain name then you could be targeted by some malicious emails purporting to be sent from your domain registrar. These are so called ‘phishing’ emails.
These emails are part of a large scale phishing scam, targeted at a large number of domain registrars. You may find that you have received similar emails from different registrars that you have registered domain names. Although this isn’t a particularly sophisticated scam, people are clicking on the link and falling for the scam which could download viruses or malware to your computer.
These phishing emails are commonly using the subject line “Domain [xyz] Suspension Notice ” and will prompt you to download an attachment, or reply directly to the email. We ask that you are extra vigilant when checking your email, especially with regards to any emails asking you to click on a link, or download any attachments.
Sometimes these emails can appear more credible than other spam emails as it might mention a domain name you own and when it expires. This information is publicly available so any reasonably sophisticated ‘scraping’ operation can harvest domain names, associated registrar email account and expiry date to construct a fairly credible looking phishing email.
See an example domain name phishing email here:
Here are some general tips on how to spot or avoid getting scammed by domain name phishing emails:
- The genuine company should use your name, and then one other piece of personal information in the email such as account number, home post code, billing address etc.
- Keep up-to-date records of where your domains are registered, the expiry dates and account details – it’s safer to go direct and log in to your account on your domain registrar’s website than clicking on a link in an email if you have any doubts.
- Check the links in the email before you click on them by hovering over them with your cursor – your email program should show a preview of the link so you can check if it matches the company that it purports to be from.
- Check the email message headers for the source of the email – in Mozilla Thunderbird that’s in View > Headers.
- Keep your anti-virus software up to date and active.
See this blog article for further reading: Domain phishing: Why it’s happening & How to protect yourself