This widespread domain registration phishing attack has been kicking around on and off for years, and it has recently resurfaced in our customers' inboxes. This hair-raising scam might look legit at first glance. That’s why we’ll dismantle it into pieces so you’ll know what threat indicators to watch out for!
The idea behind this attack is that failure to secure your domain names will allow another company to register them for themselves. This would of course be bad news indeed to any company with a valuable trademark to protect.
The email is supposedly sent from a domain name registration center trying to reach a company’s domain owners. The so-called registrars are claiming that an application has been received from a Chinese company that is trying to register a CN domain that is in conflict with the owner’s company name.
The email is usually sent from a domain that has just been registered 1-2 months ago, e.g. “cnnetregistry.com“ in this case. This is a clear red flag, made worse by the fact that the domain has nothing to do with “China Registry.” The name of the “Service & Operations Manager” (in this case Thomas Liu) and the company (China Registry) may sometimes change but the message and the email template remains the same in this popular scam.
The attacker's agenda is to get you to respond to the email; that triggers the actual attack. They are claiming that in order to protect your trademark you must register the Chinese domains for yourself. This of course comes with a price tag.
In short, the scammer’s goal is to get paid by tricking the victim into paying domain registration fees that don’t really exist. Falling for this scam could turn out to be costly.
The scam has been roaming around the internet for years, which indicates that it works. Especially for those unfamiliar with how domains and registration work, this might quicken the pulse.
However, these are phishing emails from cybercriminals and should be ignored.
Remember to stay safe!
Our Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. They cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button. Read more to learn how to equip your employees with the awareness training that will protect your company from phishing scams.