Fake/Scam Emails about renewing your Domain

After the post I did a couple of days ago about a spam/fake domain email sent to one of my clients.

Today we’re looking at a different kind of domains scam/fake email that arrived in my inbox! This time the scammers want to change you to renew a domain which you own, but that DOES NOT need renewing.

Here’s the email I received – it had the subject: “WHYCHRISTMAS.COM Registration Expiration Notice”

This e-mail is to reiterate to you that your bill ID no. f4439aa8abff4f11958640386263ff0b due on 2020-08-15 is SUSPENDED. Please ensure that you settle payment AS SOON AS POSSIBLE to avoid any TERMINATION of service to WHYCHRISTMAS.COM.

Do take note that if no payment is received within the following 2 business days, your data may be purged and deleted.

[Link removed so no one will click on a dodgy link!]

Disclaimer note: We can’t be held legally accountable for any claims, damages or loss which you might incur because of the cancellation of WHYCHRISTMAS.COM. Any such damages may include but aren’t solely restricted to: financial losses, deleted data without backups, loss of SEO rankings, lost customers, undeliverable e-mails and any other service, business or technical damages that you might incur. to learn more please refer to section 12. a4 of our Terms of Service.

This is the final renewal message which we are required to send out about the expiration of WHYCHRISTMAS.COM certificate.

[Link removed so no one will click on a dodgy link!]

All online services will be restored automatically on WHYCHRISTMAS.COM upon successful confirmation of payment. We thank you for your urgent attention to this matter and continued business.

This message is addressed to [email protected] and the content of this email are private. The contact persons on file are James Cooper at JPC-DESIGN. If this is in error you may be able to update your listed information on the renewal page:

[Link removed so no one will click on a dodgy link!]

Please consider the environment prior to printing this e-mail

The first thing to notice is that there’s no company name on the email, just some scary looking text and some links.

The email came from an email using a ‘domainamebadge.com’ address. That domain was only registered on the 4th August 2020 (so 11 days ago!). There is NO SITE on it if you try and visit that domain.

The links in the email all went to a page on the domain registerorg.ga. This is a rather ‘interesting’ one. Domains endings in .ga are using the ‘country code’ for the Gabon – but anyone can register them! This domain was registered in with an address in Jamaica on the 11th August 2020 (so four days ago!) and it’s hosted in Russia through a hosting company registered in Belize!

There is NO SITE if you visit the ‘root’ of the domain (i.e. the domain without any bits after the .ga bit). However, there is a page if you click the long links which were in the email.

But the page you get to is a complete fake and is simply there to steal your money and/or personal details. This is also known as phishing.

In my case, they’re trying to get money out of me to renew the domain for my big Christmas site (www.whychristmas.com). Everything in their email is a lie. This domain doesn’t need renewing until 2026. It’s the 15th of August 2020 today and my site is happily working!

On the fake site, it claims to be for a company called “Domain SEO Service Registration Corp”. A quick Google of that name shows that scammers using that name have been in this business FOR YEARS using different sites and domains to do their dirty work. They’ve even sent letters to people in the past to try and con them into paying money for worthless services. They are nothing but crooks.

On the fake site, none of the footer links work. There are ‘click to edit’ links to change things like the ‘Registration Information’ and a ‘User Login’ button. But they do nothing either.

There’s an ‘About Us’ link which displays three paragraphs of generic rubbish. There’s a ‘Contact Us’ link which displays an address in Miami (which is the back alley behind a rental office block) and fake phone and fax numbers.

Putting these phone numbers into Google, we get another identical scam/phishing page on a different URL and also lots of people warning and complaining about fake emails from these domain scammers!

In fact the only thing that works on this site is the ‘Order’ button where they can take your credit card information. And being crooks, they might well then use your information to buy things for them with your money! (There’s no domain listed on the scam page either, meaning the scammers can simply send out the same link on all of their spam, grrrrr.)

As I said in my previous post about domain email scams: you can (and might well) get legitimate emails from the company where your domain is registered reminding you that your domain is due for a renewal. But they will never make any of the claims listed is these types of scam emails. And they will have the company’s name on them!

Conclusion

Please beware if you get a scary looking email like this.

Take some basic steps, like Googling, to see if similar types of iffy looking emails are out there (one of the reasons I’m posting this blog is to help people if they do that!).

If you get an email like this. Don’t Panic. Don’t Waste Your Money. Hit The Delete Button.

[I will be reporting the domains in question to the companies where they were registered and are hosted to try and get them closed asap. But sadly, no doubt, the crooks will set up new sites and keep on sending out scary looking spam…]

Update 17th August 2020

I’m pleased to say that the Gabon domain which had the phishing site on it has been deleted by the domain registrar – along with another Gabon domain which has been set-up on Saturday to do the same thing! The hosting company of the ‘other’ phishing site I found through the dodgy phone number has also deleted that account!

Contacting domain and hosting companies can really help!!!

Leave a comment