Domain Spats & Disputes

Official-looking e-mails are really attempts to steal your domains

Both eNom and Network Solutions, two very large registrars that handle millions of domain registrations, are the target of a major phishing attack. It is believed that the perptrator(s) purpose is to acquire the login details for victims’ domain registrar accounts and thereby steal or otherwise compromise their domain registrations.

The phishing warning on Network Solutions home page

Phishing warning on eNom

If you receive any e-mail about your domain registration (or any other online account you may have) you should never click any link in the e-mail. Go the website where you have your account by entering the address in the address bar of your browser.

And it never hurts to drop into your domain registrar account to double-check that your contact information (particularly your e-mail address) is current, and to lock your domain, if your registrar offers such an option.

The domain registrar Directi announced that it has suspended more than 175,000 domain names. Of those, over 50,000 were “involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedopornography, financial frauds and falsified ‘Whois’ information.”

Directi is targeting “bad actors” who engage in various forms of spam, phishing, and other harmful activities. For example, their analysis looked for bulk registrations of multiple domains with slight variations in the domain — e.g., 018xyz.com, 018xyb.com, 018xyzc.com, etc. — and for domains that use blacklisted nameservers.

Directi disabled their privacy protection service for more than 500,000 domain names.

The move has touched off a discussion at the WebmasterWorld forum over whether a registrar should act as “the domain police” or whether a registrar’s job is merely to register domains for paying customers.