Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Someone is attempting to register your domain in [insert country name here]

Published: 2010-11-18
Last Updated: 2010-11-18 20:03:35 UTC
by Chris Carboni (Version: 2)
7 comment(s)

Dear Mr. Carboni,

"We are a Network Service Company which is the domain name registration center in [some city and country]. On Nov. 16 2010, we received an application from [some company that doesn't exist] requested "Sans" as their internet keyword and [country and (TLD)] domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in [country name]?


[some person name]
[some company name]
[some company address] etc ...


Really?  Oh no!  I might lose my company.com/cn/af/sk/so/br domain in China/Afghanistan/S.Korea/Somalia/Brazil/ ...!

This is a scam that is several years old and I'm finding out is not as widely known as I originally thought.

Back in the day I used to receive this type of email at least a few times every month, usually from a different person/company/country.

If you call / email or in some way return communication, in my experience, the "registrar" tries to extort you for some amount of money telling you that if you don't pay (I remember one for $10000 USD and another was much more though I can't remember the exact amount - credit cards gratefully accepted) you will lose whatever domain they're telling you someone is trying to register.

There may be other angles that I haven't seen before but the bottom line is this is a scam that can be filed with the other scams, phishes, hoaxes and other stuff which (hopefully) is caught by your spam filter.

 

Update:

One of our other Handlers pointed me to an excellent  article by Dr. Neal Krawetz on this very scam.  Read about it in the Hacker Factor Blog.

 

Christopher Carboni - Handler On Duty

Keywords:
7 comment(s)
Diary Archives