We recently received an email from a company purporting to be eNom (eNom is used by many companies, including Namecheap, to resell domain names) asking us to verify our domain; otherwise, it would become inaccessible in three days. We want to warn you of the dangers of these phishing attempts.
At the end of the article we have highlighted some tips to avoid falling for a phishing scam, but first we will show you a copy of the email we received, what a legitimate email looks like, and finally a copy of the response from Namecheap when we brought it to their attention.
You can see a copy of the email we received below:
From: eNom <firstname.lastname@example.org>
Subject: eNom — IMPORTANT! Verify your contact information for xxxxxxxxxxx.COM
Dear JONATHAN GRIFFIN, 03/07/2016 12:20:11 am
Your contact information XXXXXXXXXXXXXXXX@XXXX & +44.7901xxxxxx, has been set as the Registrant contact for a domain name registered through eNom.
Please click on the following link to verify your Contact Information
This notice is being sent due to the ICANN Validation to confirm the WHOIS information on your domain(s).
Please note that failure to verify the Registrant contact information will lead to deactivation of the respective domain name(s) if not completed within 3 days from the date of that action.
Once deactivated, the domain names will not function until the information is verified.
For any support with respect to your relationship with
Sales Department email@example.com
Support Fax 425.974.4791
eNom Headquarters 5808 Lake Washington Blvd. NE, Ste. 300, Kirkland, WA 98033, USA
As you can see, the email looks genuine at a quick glance, but a couple of things immediately didn't look right. Firstly, the email was from a "
An example of a legitimate email is below:
This is your annual notice that all registered domain names must have accurate and updated contact information.
Please review the domain information below and verify its accuracy. If all information is up-to-date then no changes are necessary. Inaccurate or outdated information must be corrected by logging into your account.
While we do respect your privacy, we are required by ICANN, our regulating authority, to send these notices annually to all domain contacts. To learn more about this process and why it is required, please visit ICANN’s website: http://www.icann.org/whois/wdrp-registrant-faq.htm
Please remember that under the terms of your registration agreement, providing false or inaccurate Whois (contact) information can be grounds for the cancellation of your domain name registration.
Domain Name Link
xxxxxxx.com View Contact Data
Created: Apr 09, 2014; Type: Registrant
Internet Corporation for Assigned Names and Numbers (ICANN)
12025 Waterfront Drive, Suite 300
Los Angeles, CA 90094-2536 USA
Sincerely, Your domain registration provider
We decided to reach out to Namecheap (our registrar of choice), who provided the following response after seeing the email:
Thank you for contacting Namecheap Support Team!
We would like to let you know that this email does not originate from eNom. We highly recommend that you *not* open the file and that you delete the phishing email.
Please accept our apologies for the inconveniences this email might have caused to you.
Should you have any questions, feel free to contact us again.
How to Avoid Domain Phishing Scams
There are some things we recommend:
- Be wary of emails that:
  - Come from unrecognized senders.
  - Ask you to confirm personal information, especially if the request is urgent.
  - Are not personalized.
  - Try to intimidate or upset you by threatening you if you do not respond (e.g. your domain will go offline).
- Communicate personal information via secure websites:
  - Look for the green bar when logging into a website. In particular, look for websites which have verified their company information (EV SSL). eNom, for example, is owned by Rightside Group Ltd, and this clearly shows on their secure pages.
  - Do not communicate confidential information, or log into websites, via email or email links. These could direct you to a malicious website that is built to look like a legitimate one.
  - Do not communicate via telephone unless you are the one who telephoned them.
- Do not click links in emails from unknown senders.
- Beware of links in emails that ask for personal information or ask you to log into a website.
- If in doubt (like we were), forward the email to the company it is purporting to be from and ask them to verify it is legitimate before actioning it.
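Several of the warning signs above can be checked mechanically before anyone clicks. The following is an added example, not part of the original article or anything supplied by eNom or Namecheap: it flags a sender address and link hosts that fall outside the claimed brand's domains, plus the pressure wording seen in the email quoted earlier. The trusted-domain table, the sample message, and its address and URL are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the claimed brand is expected to send from and link to.
TRUSTED = {"enom": {"enom.com"}}
# Pressure wording taken from the phishing email quoted in the article.
PRESSURE = re.compile(r"within \d+ days|deactivat|IMPORTANT!", re.I)

# Constructed sample modelled on the quoted email; address and URL are made up.
SAMPLE = """\
From: eNom <notices@mail-verify.example>
Subject: eNom - IMPORTANT! Verify your contact information for EXAMPLE.COM

Please click on the following link to verify your Contact Information
http://enom.com.verify-contact.example/confirm?id=1
Failure to verify will lead to deactivation of the domain name(s)
if not completed within 3 days.
"""

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def warning_signs(raw):
    """Return a list of human-readable warning signs for a raw text email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject, body = msg.get("Subject", ""), msg.get_payload()
    signs = []
    for brand, domains in TRUSTED.items():
        if brand not in (name + " " + subject).lower():
            continue  # the message does not claim to be this brand
        if not under(addr.rpartition("@")[2], domains):
            signs.append(f"sender {addr} is outside {brand}'s domains")
        for url in re.findall(r"https?://[^\s<>\"]+", body):
            host = urlparse(url).hostname
            if not under(host, domains):  # catches look-alike prefixes too
                signs.append(f"link host {host} is outside {brand}'s domains")
    if PRESSURE.search(subject + " " + body):
        signs.append("urgent or threatening wording")
    return signs

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print("WARNING:", sign)
```

The link host in the sample begins with "enom.com" but is registered under a different domain, which is why the check compares the end of the host name rather than searching for the brand anywhere in the URL.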