[registrars] Phishing scams targetting domain accounts now
Mark Jeftovic
markjr at easydns.com
Fri Jan 9 13:40:51 UTC 2004
We had a report from a user who received a fake "Verify your account"
forged email to look like it was from us, to an email harvested from his
whois record.
It directed him to:
https://easysdns.sslpowered.com/SSLSecurePage/AccountRenew
Which was (it is now cancelled) a mockup of our member signup form,
layout, etc.
We created a bogus account and filled out the form, it redirected us
back to our own site, indicating they are collecting the data (as
opposed to trying to init a reg transfer, slam the domain, etc)
Sure enough, within the hour two accesses to the bogus account were
attempted from IP's in California and Viet Nam.
This is clearly a phishing scheme designed to access domain holder
accounts, beyond that, we don't know. Maybe they think they'll find
credit card data in a compromised account (they won't) or they are
trying to actually hijack domains.
In any case, its something to keep an eye out for.
-mark
--
Mark Jeftovic <markjr at easydns.com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
More information about the registrars
mailing list