CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 30th, 2008

New Phishing Hits Domain Owners Accounts At eNom, NetworkSolutions

Sophos reported a new kind of phishing campaign yesterday. Instead of the regular bank phish, or the more recent university/webmail email account phish, this new campaign targets domain registrar accounts, as per the email below:

The email fakes the From address (purports to come from [email protected]) and asks the user to update their account due to some maintenance, in a manner similar to bank phishes. The following two subject lines were seen in the phish emails, some with additional words such as “attention”, “warning”, or “IncidentID: #####”. Clicking on the link takes the user to a URL of the form www.enom.com.someotherdomain, where the familiar www.enom.com is only a subdomain prefix of a different domain.
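The hostname pattern described above can be checked mechanically. The following is an added example, not code from Sophos or the original post: it flags links whose hostname contains a registrar's domain as leading labels without actually ending in it. The brand list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrar domains to protect; enom.com is from the article,
# networksolutions.com is the real domain of the second registrar it names.
REGISTRAR_DOMAINS = ("enom.com", "networksolutions.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def hostname_of(url):
    """Return the lowercase hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify_link(url, brands=REGISTRAR_DOMAINS):
    """Return ('legitimate' | 'lookalike' | 'unrelated', matched brand or None)."""
    host = hostname_of(url)
    labels = host.split(".")
    # A real registrar link ends in the brand domain on a label boundary.
    for brand in brands:
        if host == brand or host.endswith("." + brand):
            return ("legitimate", brand)
    # A lookalike carries the brand's labels somewhere before the end,
    # e.g. www.enom.com.someotherdomain: the rightmost labels decide ownership.
    for brand in brands:
        b = brand.split(".")
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return ("lookalike", brand)
    return ("unrelated", None)

def flag_links(message_text):
    """Return (url, brand) for each link in the text that imitates a registrar."""
    hits = []
    for url in URL_RE.findall(message_text):
        verdict, brand = classify_link(url)
        if verdict == "lookalike":
            hits.append((url, brand))
    return hits

# Constructed sample message (not the captured phish); .example is a reserved TLD.
SAMPLE_EMAIL = """Dear customer, due to maintenance please update your account:
http://www.enom.com.someotherdomain.example/login
Real site for comparison: https://www.enom.com/
"""

if __name__ == "__main__":
    for url, brand in flag_links(SAMPLE_EMAIL):
        print(f"lookalike of {brand}: {url}")
```

The check compares whole DNS labels, so a host such as notenom.com is not mistaken for the registrar, and a link is treated as legitimate only when the brand domain forms the end of the hostname.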

The fake login site is probably lifted from the real eNom login page in its entirety. Looking at the HTML source of the phish site, one would find that even the Google Analytics link was copied. The only HTML code that was not part of the real eNom page is the login box. Submitting credentials to the box would allow phishers to gain access to an eNom registrar account.

Most likely, phishers would want to go after registrar accounts because of the termination of EST Domains as a registrar. EST Domains happens to be the registrar of choice for many spammers, rogue antivirus program writers, and malware writers. Shutting down this registrar would impede their ability to bulk register new domains. Hence, newly phished registrar accounts can be used to purchase new domains for malicious use until they can find someone else to partner with them. It remains to be seen if these registrar account phish campaigns will be here to stay.

The phishers also target registrar accounts at Network Solutions. Here is a capture of the phishing email:

Just like the eNom phishes, the From address is a tech@ email address, and the phishing site seems to be a modified version of the Network Solutions login page. Given the two targets so far, it is quite possible that other registrar providers will be targeted next. So, beware of email purporting to come from your registrar service and don’t give spammers and malware writers a way to obtain domains for their nefarious purposes.
