Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Someone is attempting to register your domain in [insert country name here] - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Someone is attempting to register your domain in [insert country name here]

Dear Mr. Carboni,

"We are a Network Service Company which is the domain name registration center in [some city and country]. On Nov. 16 2010, we received an application from [some company that doesn't exist] requested "Sans" as their internet keyword and [country and (TLD)] domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in [country name]?


[some person name]
[some company name]
[some company address] etc ...


Really?  Oh no!  I might lose my company.com/cn/af/sk/so/br domain in China/Afghanistan/S.Korea/Somalia/Brazil/ ...!

This is a scam that is several years old and I'm finding out is not as widely known as I originally thought.

Back in the day I used to receive this type of email at least a few times every month, usually from a different person/company/country.

If you call / email or in some way return communication, in my experience, the "company" tries to extort you for some amount of money telling you that if you don't pay (I remember one for $10000 USD and another was much more though I can't remember the exact amount - credit cards gratefully accepted) you will lose whatever domain they're telling you someone is trying to register.

There may be other angles that I haven't seen before but the bottom line is this is a scam that can be filed with the other scams, phishes, hoaxes and other stuff which (hopefully) is caught by your spam filter.
 

 

Christopher Carboni - Handler On Duty

Chris

140 Posts
I've learned about this only a few month ago. Out of curiosity (and to find out what they'd try to lure me into) I mailed back telling them that we're looking into this. Got a mail back telling me that's ok but that there's not much time left for my reaction. A day later I wrote the guy back that we and my non existing company (it's been about a domain in personal use) don't care and to my surprise he wrote me thank you for the information mail and I did not here of them again. I at least expected that they'd sell the verified mail address but it seems to not have happened.
Anonymous
We get these as well. I've assumed they were a semi-scam since long after the "you have to register by" date I'll get a message from a different company saying a 5th party is trying to register "domain/internet keyword". (Whatever the latter is.)

I suspect they are "legit" registrars, but they are instigating/inventing the 3rd party.
Jim

2 Posts
We get these all the time, almost exclusively from Asia-based "registrars." We've succesfully litigated against cyer-squatters at WIPO in the past because our brand is well-established; even if someone did try and register our name in various forms, it's pretty much useless to them. The bigger problem we have is that our C-level people all have outward-facing e-mail addresses listed on our website, and when one of those people gets such an e-mail, everyone panics until it gets forwarded to me, and I explain the situation. This is, in fact, they key to the scam; the laws and rules of the internet (such as they are) and domain name ownership aren't that easy to make sense of (I've been managing our domains, domestic and international, for several years, and I'm still on the learning curve), so it's easy to push the panic button in people who aren't well-versed in it. Our IS department has long wished that we could establish different e-mail addresses for the website, knowing that they will be culled, but management has not agreed to it.
Jim
3 Posts
Come to think of it, the most amusing ones are when they tell me that someone is trying to register a domain name that I know WE ALREADY OWN. With a little more research and a writer with a better command of English, these scams could probably generate way more profit than they do...
Jim
3 Posts
Come to think of it, the most amusing ones are when they tell me that someone is trying to register a domain name that I know WE ALREADY OWN. With a little more research and a writer with a better command of English, these scams could probably generate way more profit than they do...
Jim
3 Posts
All you have to do is to bite on the scam but before you send money, ask them for their bank account information so you can WIRE $1.00 USD to verify the account before send "your" payment. :-)
Jim
20 Posts
Actually, in 12 years of playing the game, I've only begun to see this in past year or so. Have been surprised it took so long to hit, but I guess it really only took so long to hit me. Coupled with a steep rise in offers to purchase... probably go hand in hand...
jmihawkins

1 Posts

Sign Up for Free or Log In to start participating in the conversation!