10|28|2008 06:28 pm EDT
We have received several reports of phishing scam emails that at first glance appear to be coming from domain name registrar Enom.com. The emails warn of a complaint for invalid whois information and ask the user to login. Of course the link that the email directs you to is not a valid Enom domain name. The site is likely harvesting user names and passwords to access legitimate Enom accounts.
The link in the email actually takes you to the domain name com92.biz . When we attempted to visit the site McAfee put up a warning page that said
Reported Web Forgery! This web site at www.enom.com.com92.biz has been reported as a web forgery and has been blocked based on your security preferences.
Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.Entering any information on this web page may result in identity theft or other fraud.
If you do get to the site it is designed to look exactly like the enom home page. The domain is registered by a Russian at the Chinese registrar OnlineNic . A copy of the email is below.
On Tue, 28 Oct 2008 23:25:34 +0300, “eNom Team” <firstname.lastname@example.org> said:
On Tue, 28 Oct 2008 23:25:34 +0300 we received a third party complaint of
invalid domain contact information in the Whois database for this domain.
Whenever we receive a complaint, we are required by ICANN regulations to
initiate an investigation as to whether the contact data displaying in
the Whois database is valid data or not. If we find that there is invalid
or missing data, we contact both the registrant and the account holder
and inform them to update the information.
The contact information for the domain which displayed in the Whois
database was indeed invalid. On Tue, 28 Oct 2008 23:25:34 +0300 we sent a
notice to you at the admin/tech contact email address and the account
email address informing you of invalid data in breach of the domain
registration agreement and advising you to update the information or risk
cancellation of the domain. The contact information was not updated
within the specified period of time and we canceled the domain. The
domain has subsequently been purchased by another party. You will need to
contact them for any further inquiries regarding the domain.
PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com.com92.biz
If you find any invalid contact information for this domain, please
respond to this email with evidence of the specific contact information
you have found to be invalid on the Whois record for the domain name.
Examples would be a bounced email or returned postal mail. If you have a
bounced email, please attach or forward with your reply or in the case of
returned postal mail, scan the returned letter and attach to your email
reply or please send it to:
Attn: Domain Services
14455 N Hayden Rd
Scottsdale, AZ 85260
LINK TO CHANGE INFORMATION – http://www.enom.com.com72.biz