It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated.

In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a Chinese company purporting to be a domain name registrar. The message warns that another business is attempting to register your existing domain name in Asia under various country-code top-level domains (ccTLDs). For ESET, for example, these would be eset.asia, eset.hk, eset.org.cn or other domain names in use in China, Hong Kong, India, Taiwan and so forth. The message then goes on to warn that you have a short amount of time to purchase the domains yourself before they are offered to the other party.

This is, of course, a scam; the other party is fictional and some of the domains you are being "offered" may already be registered and in use by your company.

If you do receive such a message, here are steps you can take to minimize the damage:

  1. If, despite all of the warning signs, you feel for some reason that the message might be legitimate, open a new instance of your web browser, visit your favorite search engine, and type in the name of the domain name registrar along with keywords such as hoax, scam and spam. For example, if the domain name registrar is named "Worldwide Network Services" then you should type in "Worldwide Network Services + spam" for your search terms.
  2. The scammers behind these types of messages often make small changes to them in order to make it more difficult for anti-spam tools to detect them. If the messages did not get sent to the spam folder in your email client, be sure to flag them as spam to help better classify them in the future.
  3. Review what email addresses are made available on your web site, including old press releases and downloadable documents. It may be those addresses no longer need to be displayed, could be obfuscated better or replaced by a contact form.
  4. You should never reply to messages sent by scammers. By replying, you let them know that not only have they found a valid email address at your company but that they can also send you additional emails and share your email address with other scammers.
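
The pattern described above, a message about registration that lists your own name under several other top-level domains while the wording changes between mailings, can be checked structurally instead of by exact text. The following Python is an added example, not ESET's code or any anti-spam product's rule; the cue words, the threshold, the function names and the sample messages are constructed assumptions.

```python
import re

# Hostname-like tokens; lower-cased input is assumed.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
# Cue words are assumptions taken from the scam's description, not a product rule set.
URGENCY_CUES = ("within", "as soon as possible", "deadline")

def brand_variants(body, own_domain):
    """Return names in the body that reuse our label under a different suffix."""
    # Assumes own_domain has the simple form label.suffix, e.g. eset.com.
    brand, _, own_suffix = own_domain.lower().partition(".")
    variants = set()
    for host in DOMAIN_RE.findall(body.lower()):
        labels = host.split(".")
        if brand in labels[:-1]:
            suffix = ".".join(labels[labels.index(brand) + 1:])
            if suffix != own_suffix:
                variants.add(f"{brand}.{suffix}")
    return variants

def triage(body, own_domain, min_variants=2):
    """Flag mail that talks about registration and lists several variants of our name."""
    text = body.lower()
    variants = brand_variants(body, own_domain)
    registration = "regist" in text  # registrar, register, registration
    urgency = any(cue in text for cue in URGENCY_CUES)
    return {
        "variants": sorted(variants),
        "urgency": urgency,  # supporting signal only, shown to the reviewer
        "suspicious": registration and len(variants) >= min_variants,
    }

# Constructed sample messages (not real mail). SCAM_B rewords SCAM_A the way
# the article says scammers vary their text.
SCAM_A = ("Dear CEO, we are a domain name registrar in China. Another company "
          "has applied to register eset.asia, eset.hk and eset.org.cn. Please "
          "reply within 7 days or the names will be offered to them.")
SCAM_B = ("Urgent notice: a third party submitted a registration for "
          "ESET.HK / ESET.ASIA. Confirm as soon as possible if you object.")
BENIGN = "Your invoice for eset.com hosting is attached. Mail billing@eset.com."

if __name__ == "__main__":
    for name, msg in (("SCAM_A", SCAM_A), ("SCAM_B", SCAM_B), ("BENIGN", BENIGN)):
        print(name, triage(msg, "eset.com"))
```

Both reworded samples are flagged on the same structural feature, while mail that only mentions the organization's own domain is not.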

Scams like these existed long before the Internet, and will continue to exist long after the Internet as we know it has been replaced. A little caution and a little common sense, though, go a long way toward protecting you from them.

For more information, including the reason for the name of the article, see the ESET Threat Blog articles "The Tits Alternative" and "There’s More to Jacques Tits than Meets the Eye", as well as an article from our friends at Norman from March 2009. Our friends at anti-spam vendor Firetrust also discussed domain registration scams extensively in their blog in March 2008.

Regards,

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher