Phishing attack mimics ICANN; asks for domain login information.
A new phishing attack has been launched at domain name owners. It appears that the registrar where the phishing domain ICANNResolve.com was registered has taken it down.
The e-mail used in the scam tells users that ICANN is upgrading all domain names in its database and that domain owners must submit their domain name information including username and password. The e-mail directs domain owners to ICANNresolve.com, which is a fairly good spoof of ICANN’s web site (see image below).
Here is the text of the e-mail:
Subject: ICANN – Domain Upgrade Notice
>Date: Tue, 24 Jun 2008 06:22:08 +0200
>Dear Domain Account Holder,
>You are being sent this notice from ICANN due to the fact that you
>currently own an active domain name. ICANN is currently upgrading all
>domains from their registry database.
>The upgrade will introduce new control options for your domain and easier
>access. The new upgrade is required by the registry. All domain users are
>expected to submit their domain information manually at
>http://www.icannresolve.com/ [xxxxxxxxxxxxxxxxxxxxxxx] with the
>required information for ICANN to apply the required updates.
>The upgrades will be applied to accounts on a first come, first serve
>basis. You have until July 25, 2008 to submit the required information to
>avoid service and domain interruption.
>Thank you for your time.
>ICANN.org Resolutions Department
Thanks to a reader for the tip.