Earlier this morning I received an email claiming that one of the domains I manage was in danger of expiring. It looked very suspicious and questionable right from the beginning. However, to more gullible people who might not scrutinize such an email, there is a legitimate appearance to it. See the screenshot below.
Look closely and you’ll see some flaws in this scam email.
How many instances in this email raise a red flag? Let’s see… the first thing is the from email address doesn’t look authentic (firstname.lastname@example.org). Namenname.org, seriously? How about putting a little more effort into your fake contact email, scammer!
The content of the email would have you believe that you have less than 48 hours to sign up for this great offer. Such a short window makes absolutely no sense. This courtesy should at least give people time to read the email!
Finally, the hyperlink below, “Select a Package”, doesn’t do any favors for the scammer. Instead of using a simple anchor text they used the full URL of the compromised website. I suppose they believe that people are just going to blindly trust what they are clicking on. No one will ever go to the root domain of the website! Of course, this particular hacked website has nothing to do with domain listing services.
Reviewing the scammers landing page
This page does have a genuine appearance to it.
Nothing really sticks out on the page that would make you question its authenticity. Well, that is not including the unrelated domain name in the address bar. Oh, and the lack of an SSL certificate in this case. It certainly looks appealing and original, right? It’s not!
These scammers have blatantly ripped off the design and some wording of FreeWeb Submission.com. At least they took the time to change the logo to one with a VERY creative text-based white font with a black stroke.
Clicking on the Submit Button
People that actually fall for this and fill out the form are then taken to a payment page. This page has some additional text and serves as a gateway to PayPal. Most of the websites I’ve encountered for this scam have the PayPal recipient listed as email@example.com. I discovered another blogger who reported this same email address and scam over a year ago. How has this scam not been shut down??
Some more research reveals a PayPal user’s failed attempt at shutting down the account associated with that email address on the official PayPal forum. After some back and forth with a moderator, this user gives up after being given the run around. As he notes, clearly PayPal is more interested in adhering to forum rules rather than investigating a scammer.
Use Common Sense When Asked to Perform an Action
It goes without saying that the best way to thwart these scams is to use your head. If something is questionable, look for some contact information to validate suspicious emails. Any legitimate company will always have a phone number, email or both. Even if that checks out, it is still worth Googling that information to see if any issues appear.
It’s strange that this scam has been going on for over a year. Searching for “/domain/privacy-policy.php” in Google shows that most of the affected websites are not located in the U.S. There were only 266 results returned by Google, so I don’t think this is very widespread. If this scammer had half a brain he would have set those pages to no-index to further mask his efforts.