How to avoid getting your domain name stolen by email?

In early November, alerts from Registrar on the social networks and their own sites were repeated. This post is our contribution to those messages and echoes the warnings of our Registrars.

The reason?

A few clever clogs sent mass emails to domain name holders posing as Registrars in every country, including the following examples:

• http://blog.blacknight.com/warning-phishing-scam-targetting-blacknight-customers.html

• http://support.melbourneit.com.au/articles/help/Spam-Alert-27th-October-2015

• https://www.namebay.com/alerte-phishing/

• https://safebrands.fr/securite-dns/urgent-nouvelle-alerte-phishing/

• https://twitter.com/amenfrance/status/662286748723109888

• https://twitter.com/gandi_net/status/662257711837536256

Always the same mail, tailored for each Registrar, sent to holders of domain names under the .com TLD.

We don’t know what the mailers intentions were but we have no doubt they were malicious! And the operation was profitable even if a very small number of victims fell into the trap.

The reason?

Always the same: your domain name is suspended because it violates the rules of the Registrar concerned. Your Registrars will have done everything they could to reach you, including email & calls but you did not answer! Your only solution is to click on a suspicious link to download an even more dubious document.

What to do

Of course, it is important not to click on the link or download anything in emails from people you do not know. There’s only one appropriate response: delete the email.  If in doubt, contact your Registrar direct using their usual office number or email address.

How to spot scams in general

Scams by email of the phishing type, etc. always have a catchy title to get you to open the mail: "Win this…!", "Beware of that…!"," Your account has been suspended!", "Your payment could not be processed", "Update your details", "You are the lucky winner of..." and so on. They promise easy money, fame, effortless personal performance enhancements, or threaten you outright.

A good reflex is to look at the sender’s domain name, and not the sender’s name! A sender called "EBay" who contacts you using an email from a domain name that has nothing in common with EBay... has nothing in common with EBay and should go direct to the trashcan!

Spelling: If phishers are getting better on that side, their spelling and syntax are often poor! It is a good clue: a large number of mistakes in an "important" email means DANGER.

The link to which you are redirected is another key clue: if you click on the link, you will often see a very well-made copy of the official site. Your lifeline is the domain name of this mirror site. Again, stop if you find that the link has nothing to do with the proper domain name, and contact your usual connections.

In the domain name, the TLD also has a role to play. You're in Paris and you receive an email supposedly from your French supplier, in poor French and whose domain name ends with a TLD from a country on the other side of the world or Europe: send the email direct to the trash can!

If you click on the email

Suppose you have opened the email, clicked on the link, not seen that the link was unknown (people never pay enough attention to the links in the address bar), not noticed that the site was a fake and a good copy of the original, NEVER provide any personal or confidential information in any form of any kind. Don’t upload any personal document. Don’t enter a password. Don’t give your bank account information or your credit card numbers.

Otherwise ... Contact your usurped provider, your bank, report the theft of your ID and do it as quickly as possible!

To sum up

You’ve probably heard this often before, but never open emails from unknown senders and contact your usual connections in case of doubt.

To find out more

• http://www.cnil.fr/documentation/fiches-pratiques/fiche/article/spam-phishing-arnaques-signaler-pour-agir/