Emails try to get you to download file.
A Domain Name Wire reader has received 4 phishing/malware attempts within the past hour, and web searches show that the scam is widespread.
Here’s a copy of one of the phishing emails:
Date: Mon, Oct 26, 2015 at 5:04 PM
Subject: Domain [redacted] Suspension Notice
The following domain names have been suspended for violation of the DYNADOT LLC Abuse Policy:
Domain Name: [domain redacted]
Registrar: DYNADOT LLC
Registrant Name: [name matching whois]
Multiple warnings were sent by DYNADOT LLC Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here [LINK] and download a copy of complaints we have received.
Please contact us by email at mailto:firstname.lastname@example.org for additional information regarding this notification.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101
Clicking the link in the second-to-last sentence attempts to download a file. The phone number is invalid.
Although all four emails the reader received spoofed Dynadot, apparently other registrars are also being spoofed.
Moniker just sent a notice out to customers reminding them that:
Moniker Online Services LLC. will not send any notices regarding your domains without your account number present within the email. We do not send notices with links to download files regarding your domains. If you are unsure of the validity of your emails please check the email headers to determine the source and return path for the email address. If you are still in doubt, forward any emails you are unsure of to email@example.com if it is a valid email we will notify you properly.