30
2008
Steve
If this is your first time here, you may want to subscribe to my RSS feed or follow me on twitter.
This is a warning to website owners who may be receiving emails disguised to be coming from registration companies such as Network Solutions. Here is one that was sent to a client of mine this morning.
From: NetworkSolutions Support [mailto:tech@networksolutions.com]
Sent: Thursday, October 30, 2008 6:27 AM
To: email@removed.com
Subject: Your domain is expired today!Dear Network Solutions Customer,
We recently notified you that the registration period for your Network Solutions domain name had expired. As a benefit of having previously registered a domain name(s) with Network Solutions, you are eligible to receive a percentage of the net proceeds that were generated from the renewal and transfer of the domain name you chose not to renew. Since you have chosen not to renew the domain name listed below during the applicable grace period, we were successful in securing a backorder for this domain name on your behalf and it has been transferred to another party in accordance with the Service Agreement.
Renew your domain now - http://www.networksolutions.com
You must click on the following link, enter your domain name, and confirm your contact information in order to claim these funds. If your contact information is not correct, you must enter Account Manager and make the appropriate changes prior to clicking “submit” from the confirmation screen. If you do not do this, you will be confirming inaccurate information and will not receive any payment. Checks will only be made payable and mailed to the Account Holder of record.
Sincerely,
Network Solutions® Customer Support
Now this client does not even have their domain names registered with Network Solutions, secondly the domain name it was sent to does not expire until 2014. The link to NetworkSolutions.com was actually taking the viewer to http://www.networksolutions.com.sys49.mobi
Look at the true domain name in that url, sys49.mobi This domain name is already listed on the URIBL and SURBL which will flag the message as spam for most spam filter systems. The actual site looks like this.
This site looks like NetworkSolutions.com and is setup to capture your domain login information to then steal your domain name. If you have received this email and filled out your login information, please change your login password now. If you find yourself locked out already, please call network solutions 800-333-7680 and have that information changed.
October 30th, 2008 at 10:59 am
I had a client recently get phished for their AdWords login. They ended up spending like $50k in 2-3 days on ringtone ads. That’s why you should always hover the cursor over the link to see what the real URL is and also check the address bar. But this will never go away. It’s only geeks and experienced internerds that regularly check for those things.
October 30th, 2008 at 11:52 am
This same client sent me an email yesterday claiming to be Enom, I explained to them to look at the URL and how it was fake. Then I got this email this morning from the same client, just goes to show that not all people pay attention the first time.
Was your client able to get a refund on their adwords account? I would think tracking the person down who stole it would be easy to trace via their affiliate links on the ringtone site.
October 30th, 2008 at 11:59 am
Google refunded them and took care of them. Even if they hadn’t, I’m sure their credit card company would have provided them some fraud coverage.
As for whether or not Google tracked the person down or not, I don’t know.
October 30th, 2008 at 12:33 pm
Glad to hear they got their money back. I am sure phishing adwords accounts is common, but I wonder how much effort Google puts into tracking those thiefs down. All those affiliate links or even the products they sell themselves can be tracked back to someone who is getting paid.
Add A Comment