funsec mailing list archives

phishing domain registrars (ENOM)


From: Gadi Evron <ge () linuxbox org>
Date: Wed, 29 Oct 2008 03:47:06 -0500 (CDT)

I guess criminals are now looking to use established domain names, via phishing 
targeted at domain registrars.

I guess I will devote some of my time in the next few months to help educate 
registrars on protecting themselves from phishing attacks, before losses go up.

Spam message:

From - Wed Oct 29 09:39:44 2008
X-Account-Key: account2
X-UIDL: 5997-1199923184
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from pitbull-b612d39 ([81.183.66.117]) by mxin6.netvision.net.il
  (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
  with ESMTP id <0K9H00DNCRQC4TF0 () mxin6 netvision net il>; Wed,
  29 Oct 2008 10:32:51 +0200 (IST)
Received: from [81.183.66.117] by in.smtp.cz; Wed, 29 Oct 2008 09:32:46 +0100
Date: Wed, 29 Oct 2008 09:32:46 +0100
From: eNom Support Team <support () enom com>
Subject: Warning: Inaccurate whois information.
To: gevaha () netvision net il
Message-id: <01c939a9$4d78fa00$7542b751@qrj>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
Content-type: multipart/alternative;
  boundary="----=_NextPart_000_0007_01C939A9.4D78FA00"
X-Priority: 3
X-MSMail-priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C939A9.4D78FA00
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Dear user,

On Wed, 29 Oct 2008 09:32:46 +0100 we received a third party complaint of=
  invalid domain contact information in the Whois database for this domain=
  Whenever we receive a complaint, we are required by ICANN regulations t=
o initiate an investigation as to whether the contact data displaying in =
the Whois database is valid data or not. If we find that there is invalid=
  or missing data, we contact both the registrant and the account holder a=
nd inform them to update the information.

The contact information for the domain which displayed in the Whois datab=
ase was indeed invalid. On Wed, 29 Oct 2008 09:32:46 +0100 we sent a noti=
ce to you at the admin/tech contact email address and the account email a=
ddress informing you of invalid data in breach of the domain registration=
  agreement and advising you to update the information or risk cancellatio=
n of the domain. The contact information was not updated within the speci=
fied period of time and we canceled the domain. The domain has subsequent=
ly been purchased by another party. You will need to contact them for any=
  further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com.com62.biz

If you find any invalid contact information for this domain, please respo=
nd to this email with evidence of the specific contact information you ha=
ve found to be invalid on the Whois record for the domain name. Examples =
would be a bounced email or returned postal mail. If you have a bounced e=
mail, please attach or forward with your reply or in the case of returned=
  postal mail, scan the returned letter and attach to your email reply or =
please send it to:

Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260


LINK TO CHANGE INFORMATION - http://www.enom.com.com82.biz


Thank you,
Domain Services

[IncidentID:75047]
------=_NextPart_000_0007_01C939A9.4D78FA00
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3DWindows-1=
252">
<META content=3D"MSHTML 6.00.2800.1506" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<div style=3D"width: 750px; font-size:14px; font-family: monospace;">
Dear user, <br />
<br />
On Wed, 29 Oct 2008 09:32:46 +0100 we received a third party complaint of=
  invalid domain contact information in the Whois database for this domain=
  Whenever we receive a complaint, we are required by ICANN regulations t=
o initiate an investigation as to whether the contact data displaying in =
the Whois database is valid data or not. If we find that there is invalid=
  or missing data, we contact both the registrant and the account holder a=
nd inform them to update the information. <br />

<br />
The contact information for the domain which displayed in the Whois datab=
ase was indeed invalid. On Wed, 29 Oct 2008 09:32:46 +0100 we sent a noti=
ce to you at the admin/tech contact email address and the account email a=
ddress informing you of invalid data in breach of the domain registration=
  agreement and advising you to update the information or risk cancellatio=
n of the domain. The contact information was not updated within the speci=
fied period of time and we canceled the domain. The domain has subsequent=
ly been purchased by another party. You will need to contact them for any=
  further inquiries regarding the domain. <br />
<br />
PLEASE VERIFY YOUR CONTACT INFORMATION - <a href=3D"http://www.enom.com.c=
om92.biz">http://www.enom.com</a> <br />
<br />
If you find any invalid contact information for this domain, please respo=
nd to this email with evidence of the specific contact information you ha=
ve found to be invalid on the Whois record for the domain name. Examples =
would be a bounced email or returned postal mail. If you have a bounced e=
mail, please attach or forward with your reply or in the case of returned=
  postal mail, scan the returned letter and attach to your email reply or =
please send it to: <br />
<br />
Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260 <br />
<br />
<br />
LINK TO CHANGE INFORMATION - <a href=3D"http://www.enom.com.com62.biz";>ht=
tp://www.enom.com</a><br />
<br />
<br />
Thank you,<br />
Domain Services<br />

<br />
[IncidentID:10908]<br />
<br />
</BODY></HTML>

------=_NextPart_000_0007_01C939A9.4D78FA00--



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
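
Added example, not part of the original post: the HTML part of the message above shows `http://www.enom.com` as link text while the `href` points at a host whose registrable domain is a `.biz` name with `www.enom.com` prepended as subdomain labels. The sketch below decodes a quoted-printable HTML body and flags both traits; the names `analyze`, `registrable`, `AnchorCollector`, the reason labels and the naive two-label registrable-domain rule are assumptions made for this illustration, and the sample input is constructed.

```python
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first anchor is modelled on the HTML part above
# (quoted-printable, soft line break included); the second is a benign control.
SAMPLE_QP = (
    b'VERIFY - <a href=3D"http://www.enom.com.c=\n'
    b'om92.biz">http://www.enom.com</a> <br />\n'
    b'Home - <a href=3D"http://www.enom.com/">http://www.enom.com</a>\n'
)
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Assumption: naive "last two labels"; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(qp_html, brand="enom.com"):
    """Return (host, registrable domain, reasons) for each suspicious link."""
    parser = AnchorCollector()
    parser.feed(quopri.decodestring(qp_html).decode("windows-1252"))
    findings = []
    for href, text in parser.anchors:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        shown = HOSTLIKE.match(text)
        if shown and registrable(shown.group(1)) != registrable(host):
            reasons.append("text-href-mismatch")  # link text names another domain
        if f".{brand}." in f".{host}" and registrable(host) != brand:
            reasons.append("brand-in-subdomain")  # brand used as left-hand labels
        if reasons:
            findings.append((host, registrable(host), reasons))
    return findings
```

Calling `analyze(SAMPLE_QP)` reports only the first anchor, with both reasons; the control link to the brand's own host is not flagged.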

