Application security, Security Strategy, Plan, Budget

Phishing fraud emails target domain name owners

Domain name owners are the target of a sophisticated scam disclosed by the SANS Internet Storm Center late last week.

According to a report received by the nonprofit organization, scammers initially sent victims an email with an offer to purchase a domain name. Recipients were then directed to what appeared to be a forum discussion page addressing the most reliable appraisal services for domain names, according to SANS researcher Lenny Zeltser.

The bogus email read, "Of course we must be sure that you are engaging a reputable appraisal company. I heard many appraisal companies often made inaccurate appraisals. I will only accept appraisals from independent sources I trust." The message then links recipients to a forum page.

After fake forum inquiries are made about appraisal services, a user named "NameSeller" corresponded with other users, and a consensus was reached naming securenamesale[dot]com as the winner, according to the Saturday SANS post.

Securenamesale[dot]com is likely not a legitimate service, according to Zeltser’s citations of victim reaction on public forums. The website sells domain appraisal software for $99, he said.

Scams targeting the owners of domain names are nothing new.

In February 2001, the Federal Trade Commission (FTC) asked a U.S. District Court to halt a scam duping consumers into registering variations of existing domain names. The FTC estimated that at least 27,000 website owners were victims of that scam.

Web-based fraud cases cost consumers about $200 million during 2006, according to just-released statistics from the FBI.

Ron O’Brien, senior security analyst at Sophos, told today that this scam could be considered spear phishing.

"The fact that someone is effectively trolling for someone else who would sell his or her domain name is a form of phishing," he said. "And then when you go to a particular domain name to find out that it’s a static web page, it’s basically a form of false advertising or fraud."

O’Brien added that the primary motivation of the fraudster was to take $99 payments while knowing the domain name won’t be sold, although other motives are possible.

Click here to email Frank Washkuch Jr.

Looking for a new job? SC Magazine's Jobs page is the perfect place to check out new IT security employment opportunities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.