Subscribe to RSS Feed

10|28|2008 06:28 pm EDT

WARNING: Enom Phishing Scam

by Adam Strong in Categories: News

We have received several reports of phishing scam emails that at first glance appear to be coming from domain name registrar Enom.com. The emails warn of a complaint for invalid whois information and ask the user to login. Of course the link that the email directs you to is not a valid Enom domain name. The site is likely harvesting user names and passwords to access legitimate Enom accounts.

The link in the email actually takes you to the domain name com92.biz .  When we attempted to visit the site McAfee put up a warning page that said

Reported Web Forgery!  This web site at www.enom.com.com92.biz has been reported as a web forgery and has been blocked based on your security preferences.

Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.Entering any information on this web page may result in identity theft or other fraud.

If you do get to the site it is designed to look exactly like the enom home page. The domain is registered by a Russian at the Chinese registrar OnlineNic . A copy of the email is below.

On Tue, 28 Oct 2008 23:25:34 +0300, “eNom Team” <info2@enom.com> said:
Dear user,

On Tue, 28 Oct 2008 23:25:34 +0300 we received a third party complaint of
invalid domain contact information in the Whois database for this domain.
Whenever we receive a complaint, we are required by ICANN regulations to
initiate an investigation as to whether the contact data displaying in
the Whois database is valid data or not. If we find that there is invalid
or missing data, we contact both the registrant and the account holder
and inform them to update the information.

The contact information for the domain which displayed in the Whois
database was indeed invalid. On Tue, 28 Oct 2008 23:25:34 +0300 we sent a
notice to you at the admin/tech contact email address and the account
email address informing you of invalid data in breach of the domain
registration agreement and advising you to update the information or risk
cancellation of the domain. The contact information was not updated
within the specified period of time and we canceled the domain. The
domain has subsequently been purchased by another party. You will need to
contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION – http://www.enom.com.com92.biz

If you find any invalid contact information for this domain, please
respond to this email with evidence of the specific contact information
you have found to be invalid on the Whois record for the domain name.
Examples would be a bounced email or returned postal mail. If you have a
bounced email, please attach or forward with your reply or in the case of
returned postal mail, scan the returned letter and attach to your email
reply or please send it to:

Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION – http://www.enom.com.com72.biz

Thank you,
Domain Services

[IncidentID:14166]

Tags: , , , ,

19 Comments

Tony Toews

October 28, 2008 @ 9:36 pm EDT

There are other URLs in the phishing emails I received. sys52.net, com94.net, com82.biz, com62.biz and com72.biz.

Also there is a variation stating “we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: …” “For access your account follow this link – com72.biz”

Jason

October 29, 2008 @ 12:40 am EDT

Thank you for the post. I was just about to click on it and thought I will check to see if there is anything about the email that I needed to know about first (suspicious). A quick search in google brought me to you so thank you for posting this to let us know
All The Best
Jason

David

October 29, 2008 @ 2:35 am EDT

Ditto. just rcvd this email with slightly different date/time. As with most phishing messages, actally reading it reveals how phony it is. In this case, the date and time mentioned in three different places is the same exact time stamp. Makes no sense. If the people who engage in this fraud were actually bright, they would probably choose to do something more productive with their lives than attempting to defraud others. In the end, most criminals are too lazy and stupid to actally master their craft.

James

October 29, 2008 @ 9:47 am EDT

They almost got me. Only thing that really stopped me was that the email said that they sent a notice with a date/time in the future and even if that were a mistake, no group would require instant response to an email like that. Whew!!

Nancy

October 29, 2008 @ 10:49 am EDT

I got this email as well but what tipped me off is that they didn’t tell me which of my website had incorrect info. I think enom would have put information about what website they were talking about in their email to their customer. The one I got says my contact info was found to be incorrect so they had sold my website URL to someone else and I would need to contact the new owner to discuss…but again they didnt’ include who that new person was. They aren’t too bright. I NEVER click links in emails; I go to the website by typing in the original URL manually and check my account to verify there are no problems. I wonder why no government agency is pursuing and prosecuting these scammers.

Kyle

October 29, 2008 @ 11:46 am EDT

same things here, i was about to see what it was until i found this site. thanks for informing me.

Dor

October 29, 2008 @ 12:16 pm EDT

Me too, but please keep it to yourself what was wrong with the email, if not they will get better..

Chris

October 29, 2008 @ 1:08 pm EDT

I have received a number of these today. They are quite convincing. Thank you for posting this and preventing me from responding to them.

Dustin Erickson

October 29, 2008 @ 1:13 pm EDT

They almost got me too :)

I moused over the link which gave it away for me – enom.com62.biz…

Pretty sneaky though!!

Pete

October 29, 2008 @ 1:17 pm EDT

I had just renewed my domain so was nearly suckered in, but the email had inaccuracies which led me to check and here.

Enom Phising spam - dnzup

October 29, 2008 @ 1:45 pm EDT

[…] vara flera adresser (minst 2) f?r jag l?ste om detta tidigare idag p? WARNING: Enom Phishing Scam | Domain Name News och d?r handlar det om [com92.biz] N?r man whoisar s? st?r ryssen p? b?da.. __________________ […]

Mark

October 29, 2008 @ 3:18 pm EDT

hmmmm…nice try but i always laugh when i get this crap in my inbox addressed to an e-mail address i set up solely as a contact point for an online game that has the same made up character name as the e-mail address.

[…] on the heels of the recent Enom phishing scam, another phishing attack attempting to con domain name registrants into providing their customer […]

[…] on the heels of the recent Enom phishing scam, another phishing attack attempting to con domain name registrants into providing their customer […]

Steve Marino

October 31, 2008 @ 12:03 pm EDT

If you get an email from your bank, Enom or anyone else, don’t follow the link in the email. Type the address in directly. If you find a phishing scam, report it to the company being spoofed.

Tom M McIntyre

October 31, 2008 @ 3:33 pm EDT

Thanks, guys. It smelled bad to me, but not REAL bad. Glad I googled it and very glad you folks had the straight info. Thank you.

Jason

November 1, 2008 @ 5:36 am EDT

Received the same using an ssl45.mobi

[…] Warning from DomainNameNews.com […]

Carmen

December 12, 2008 @ 9:49 pm EDT

I received an email supposedly from E-nom telling me that the free domain that I’ve had with AOL for several years will be discontinued and all info lost if I don’t register with E-nom by January 31. This seems like a scam since I did not get a direct answer to my question when I questioned them by email. Does anyone know more information about this? Thanks for the help.

RSS feed for comments on this post · TrackBack URI

Leave a Reply