Scammer sends fake renewal notices with goal of getting your credit card information.
ICANN may have shut down Domain Registry of America for now, but new scams pop up just about every day.
Joseph Peterson sent one example to me today that I haven’t seen before.
He received an email with the subject line “something.com EXPIRATION!”, in which something.com matched one of his domains. Although his domain doesn’t expire until next year, the email claims it expires October 14.
Interestingly, the email advertises that renewing the domain name only costs only $3 for a year (more on that later). If you click the payment link, you’ll see a page like this:
Here are some interesting things about this scam:
- The site is designed to look like ICANN; it uses the logo and even an ICANN copyright notice on the bottom. If you click the “News & Media” link at the top, you’ll get recent ICANN stories.
- The prices are all well below wholesale. This perpetrator isn’t going to actually renew (and transfer) your domain if you pay; it’s just trying to get some money out of you and/or your credit card information.
- The site uses the URL structure domaiinregistration.com/?domain=something.com&date=10-14-2014. Just changing the URL changes what shows up on the page for domain and registration dates.
domaiinregistration.com was registered on September 18 to someone using an address in China at registrar Chengdu West Dimension Digital Technology Co., Ltd.
Of course, as soon as the domain name is shut down, the perpetrator just has to register another domain name, upload the site, and continue emailing people based on their whois info.
John Berryhill says
“This perpetrator isn’t going to actually renew (and transfer) your domain if you pay; it’s just trying to get some money out of you and/or your credit card information.”
That’s refreshingly straightforward. Finally, an honest WHOIS-powered scammer.
Jean Guillon says
ICANN lacks authority to take such website down. Let’s hope Internet V2 allows that.
They also registered blockchaiins.com
My guess is that at those prices they would have done just as well simply offering “search engine registration” or something that was seemingly legit at a price of $3.00. They could probably exist for quite some time using various logos (such as ICANN) until they got a C&D from ICANN.
“Of course, as soon as the domain name is shut down, the perpetrator just has to register another domain name, upload the site, and continue emailing people based on their whois info.”
They may actually be providing a good service here.
I mean for the $3 (which the cc company will refund if you take the time to contact them obviously) they will educate someone and prevent them from losing a larger amount of money later on with a different scam by a different scammer.
Yep ive been getting those for a few days or so now.Lots of them
CentralNic’s domains provide an alternative to the existing Top Level Domains (TLDs, such as .com) and Country Code Top Level Domains (ccTLDs), allowing the creation of a simultaneously local and global Internet Identity.
Look, the US Government’s established: Congressional Trademark Caucus!
Because they want to ensure business buy: “legitimately registered Internet domain names” rather than the Spurious Marks sold by Centralnic; and their “ICANN Accredited” Ilk.
I am still getting snail mail from the “domain registry of canada”. i guess the canadian arm is still up and running.
I’ve seen tons of snail mail from companies in the US too with pseudo-official US names. I can’t count the number of times friends and clients ask me about them, because they look like an invoice for renewal.
I think most by now are aware of these types of scams. But it is always great that people share. Thank You.
You’re the first guy I’ve seen who also gets mail from this ridiculous outfit which suggests a renewal price of about US$35 – about triple the going rate. I first started getting these in Northern Ireland and they continued when I returned to Canada.
I have about 500 domains. However, fortunately I only get 3/4 of these letters/year
If you received solicitations from resellers of Brandon Gray after 12 August 2014, please send a copy to email@example.com for review.
“Of course, as soon as the domain name is shut down, the perpetrator just has to register another domain name…”
I just received the same scam domain registration renewal email from:
**Notice, that “Domaiinn” is now spelled with ‘double i’ AND ‘double n’ versus the previous version “Domaiin” with just ‘double i’.
After doing a Google search for Domain@DomaiinnRegistration.com and DomaiinnRegistration.com (with ‘0’ results), I opened a thread to raise awareness…
…only to then find lots of coverage here on DNW (albeit with the previous misspelled DomaiinRegistration.com domain).
Andrew Allemann says
Thanks for sharing. We should pretend our awareness efforts aren’t futile, even though the scammer will just keep moving to a new domain…
Raj Domains says
these kind of scam pop ups … will be harmful for everyone… ICANN is trying to control it … maybe it will be helpful
Andrew Allemann says
I suspect this ICANN notice released today is about this scam:
Not sure why this is published to the new TLD section of ICANN’s website.
Chengdu West Dimension Digital Technology Co., Ltd. has registered 0732.com aswell as other websites I’m sure. He/She is currently trying to scame bitcoin out of people by claiming that they’ve hacked your computer and have all your personal information. They’ve bought a list of known passwords and are spamming the owners of the passwords.
Andrew Allemann says
Chengdu West Dimension Digital Technology Co., Ltd. is the registrar, not that registrant, of that domain.