The number of e-mails attempting domain name fraud is increasing and many people receive phishing e-mails that are confusingly similar to inquiries from e.g. Chinese authorities. Below, you will find a few tips on how to identify and handle domain name fraud attempts.
The senders, who pretend to be domain name registrars, often address proprietors directly. Their e-mails state that they have received an inquiry concerning the registration of a domain name, which is identical with the proprietor’s existing domain or trademark.
The sender then provides a short deadline for the proprietor to either confirm his or her ownership or secure the domain against payment.
Example of domain name fraud #1
Dear CEO or General Manager,
Please read this letter carefully since this is an urgent case. We are an agency engaging in registering brand name and domain names. Today, our center received an application from [domain name] and they apply to register [domain name] as their brand name and some top-level domain names (.CN .HK etc).
We found the main body of domain names is same as your company name. I am not sure about the relationship between you and them.
Please tell me whether or not your company authorizes them to register names.
We are dealing with the application and we need to confirm whether you have authorized them? If you don’t authorize them, please reply me an e-mail. Looking forward to your reply.
Example of domain name fraud #2
Please forward this to your CEO, because this is urgent. Thanks!
This is [name, title, company name], which is the domain name registration center in [city, country].
On [date] we received an application from [company name] requested [domain name] as their internet keyword and China (.CN) domain name [domainname].cn.
But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is associated with your company or not?
Tips for identifying domain name fraud
- The response deadline is always short (typically 48 hours).
- Google the domain name registrars. If the scammers are known, the internet will confirm it straight away.
- Check whether or not the domain name in question is actually registered and make sure to check the time of registration. For .com domains you can use ICANN Lookup. For .cn domains you can use CNNIC).
As a starting point, we recommend our clients to avoid responding to inquiries and avoid clicking on any links.
Inquiries like the above are a well-known form of phishing attacks. At best, the sender is trying to sell you one or more domain registrations. At worst, the sender wants to access information about people in your company, who could then be exposed to hacking.
Therefore, it is our clear recommendation that you delete e-mails such as the above without replying. Instead, if you wish to register domain names domestically and/or abroad, you should contact a reliable domain name registrar.
You are welcome to contact Plougmann Vingtoft if you have any doubts regarding a current case or want assistance regarding your domains. You can find our consultants here or send an e-mail to email@example.com.