Beware fake renewal notices and how to spot them

Phishing email how to spotWe’ve just had a client contact us wondering about an email they’d received threatening to suspend their domain – the kind of message that will get your attention for sure!

Let’s have a look at the email and see what red flags you should be looking for to avoid being ripped off.

The subject is…

“yourdomain.com Service Suspension” to grab you attention.

The email message opens with the following text in a red box for additional scare factor…

SERVICE SUSPENSION NOTIFICATION
SUSPENSION REASON: OVERDUE ON PAYMENT
EXPIRATION DATE: A date in the past

It goes on…

Account Suspension
UNPAID SERVICE FOR DOMAIN Notice#: 502042234
yourdomain.com Date: 08.30.2018
DOMAIN: yourdomain.com

Of course they want paying…

PROCESS SECURE ONLINE PAYMENT TO COMPLETE YOUR PAYMENT.

Hovering over the link button reveals a very suspicious destination domain name “fasttrafficu.party”. Avoid and DO NOT CLICK!!!

Registrant Name: Registered Name
None Selected, , US
Domain Name: yourdomain.com
Registration Period: 09.08.2018 to 09.08.2019
Price: $84.00 Cost is far too high!
Term: 1 Year

They want you to pay up quickly…

FOLLOW UP ON SECURE ONLINE PAYMENT TO PROCESS PAYMENT FOR yourdomain.com
ACT IMMEDIATELY!

Dear ,
This information is generated automatically as a service to you. Failure to complete your domain service name registration order by 09.07.2018 will result in account suspension. We reserve the right, at our sole discretion, to close any and all of your Account(s) with us (making it difficult for your customers and friends to locate you, using search engines on the web). After that is will not be possible to recover any data. You must renew your domain name to retain exclusive rights to it on the Web. You can take advantage of our best savings.

PLEASE NOTE:

Starts with the usual guff…

This Email contains information intended only for the individuals or entities to which it is addressed. If you are not the intended recipient or the agent responsible for delivering it to the intended recipient, or have received this Email in error, please notify immediately the sender of this Email at the Help Center and then completely delete it. Any other action taken in reliance upon this Email is strictly prohibited, including but not limited to unauthorized copying, printing, disclosure, or distribution.

Then gets interesting in the real small print…

We do not directly register or renew domain names. This is not a bill or an invoice. This is a optimization offer for your webside. You are under no obligation to pay the amount stated unless you accept this purchase offer. Promotional material is stricly along the guidelines oft he can-spam act of 2003. They are in no way misleading. You have received this message because you elected to recieve notificaton offers. Unsubscribe here if you no longer wish to receive our notifications. Thank you for your cooperation.

Multiple spelling errors are a clue in the legal statements and if you read carefully the fraudsters try to absolve responsibility for the payment request.

Check the from email address

This email came from “info@docst.org” so have a look at www.docst.org and run a whois check on the domain. Registered early August 2018 so looks like it has been bought for fraudulent purposes. Newly registered domain is highly suspicious and the domain is not a domain registry

Conclusion

Most phishing emails will be looking for a speedy conclusion to their fraud so adding an element of peril in to the equation puts the victim on the back foot ready for a panic buy.

You should certainly seek a second opinion before progressing to an online payment.

Our clients are free to consult us on these matters and we manage their domain portfolios so that there is no need for them to worry about domain suspensions or losses.

Contact us today if you have any problems with domains – we can help!