Whois verification is just begging for phishers.
A lot has been made about the new requirement this year for domain name registrars to verify certain aspects of Whois contact information provided by registrations.
Over a million domain names have been suspended due to the failure by the owner to click a link in an email sent by the registrar for a domain name.
But don’t click to quickly. It might be a phishing attempt.
In fact, the way it’s set up, this verification process was basically begging for phishers to get on board. Here’s an email I received this morning:
As of Dec 1, 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications.
You have registered one or more domains from Godaddy Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until 01/01/2015 to verify this email address. After this date, the domain name(s) will be suspended until the email address is verified. please cut-and-paste the following URL into an open web browser to complete the verification process:
service-godaddy.com/raaverification/verification/VerificationCode=[a bunch of numbers and letters]
Once you click the link, your email address will be instantly verified and there is nothing further for you to do on the following domains:
That link is for service-godaddy.com, a domain name registered at eName. Similar emails are also making the rounds using the domain name serviceS-godaddy.com.
Fortunately, most major browsers have these labeled as phishing sites already.
The verification currently in place is really stupid. It does not stop a criminal from running their operation, it does make it easier for people to run phishing expeditions and it does cause websites to be suspended with no good reason.