Beware of domain verification phishing attacks

Web Hosting Menu

We recently received an email from a company purporting to be from eNom (eNom is used by many companies to resell Domain Names, including Namecheap) asking us to verify our domain, otherwise, it will become accessible in three days. We wanted to warn you of the dangers of these phishing attempts.

At the end of the article we have highlighted some tips to avoid falling for a Phishing Scam, but first, we will show you the copy of the email we have received, what a legitimate email looks like, and finally a copy of the response from Namecheap when we brought it to their attention.

You can see a copy of the email we received below:

From: eNom <>

Subject: eNom — IMPORTANT! Verify your contact information for xxxxxxxxxxx.COM

Dear JONATHAN GRIFFIN, 03/07/2016 12:20:11 am

Your contact information XXXXXXXXXXXXXXXX@XXXX & +44.7901xxxxxx, has been set as the Registrant contact for a domain name registered through eNom.

Please click on the following link to verify your Contact Information


This notice is being sent due to the ICANN Validation to confirm the WHOIS information on your domain(s).

Please note that failure to verify the Registrant contact information will lead to deactivation of the respective domain name(s) if not completed within 3 days from the date of that action.

Once deactivated, the domain names will not function until the information is verified.



For any support with respect to your relationship with us you can always contact us directly using the following Information.

Sales Department

Support Fax 425.974.4791

eNom Headquarters 5808 Lake Washington Blvd. NE, Ste. 300, Kirkland, WA 98033, USA



As you can see, the email looks genuine on a very quick look, but there were a couple of things that immediately didn’t look right. Firstly, the email was from a “tursagroup”, and the Enom domain had a suffix of “.ws”. Furthermore, whenever we have been asked to review our domain contact details we have never been asked to log into our account directly.

An example of a legitimate email is below:

Dear xxxxxxxx,

This is your annual notice that all registered domain names must have accurate and updated contact information.

Please review the domain information below and verify its accuracy. If all information is up-to-date then no changes are necessary. Inaccurate or outdated information must be corrected by logging into your account.

While we do respect your privacy, we are required by ICANN, our regulating authority, to send these notices annually to all domain contacts. To learn more about this process and why it is required, please visit ICANN’s website: wdrp-registrant-faq.htm

Please remember that under the terms of your registration agreement, providing false or inaccurate Whois (contact) information can be grounds for the cancellation of your domain name registration.

Domain Name     Link         View Contact Data

Created: Apr 09, 2014; Type: Registrant Internet Corporation for Assigned Names and Numbers (ICANN) 12025 Waterfront Drive, Suite 300 Los Angeles, CA 90094-2536 USA Email:

Sincerely, Your domain registration provider

We decided to reach out to Namecheap (our registrar of choice), who provided the following response to seeing the email:

Hello Jonathan,

Thank you for contacting Namecheap Support Team!

We would like to let you know that this email does not originate from eNom. We highly recommend you not opening the file and delete the phishing email.

Please accept our apologies for the inconveniences this email might have caused to you.

Should you have any questions, feel free to contact us again.

Regards, Marina Zh. Customer Support

How to Avoid Domain Phishing Scams

There are some things we recommend:

  1. Be wary of emails that:
    • Come from Unrecognized Senders
    • Ask you to confirm personal information, especially if the request is urgent.
    • Are not personalized
    • Try to intimidate or upset you by threatening you if you do not respond (i.e. your domain will go offline).
  2. Communicate personal information via secure websites:
    • Look for the green bar when logging into a website. In particular, look websites which have verified their company information (EV SSL). Enom, for example, is owned by Rightside Group Ltd, and this clearly shows on their secure pages.
    • Do not communicate confidential information, or log into websites via email \ email links. These could direct you to a malicious website that is built to look like a legitimate one.
    • Do not communicate via telephone, unless you telephone them.
  3. Do not Click Links in emails from unknown senders.
  4. Beware of Links in emails that ask for personal information or to log into a website.
  5. If in doubt (like we were), forward the email to the company it is purporting to be from and ask them to verify it is legitimate before auctioning.
Jonathan Griffin. Editor @ The Webmaster

About the author

Editor at The Webmaster.

Jonathan Griffin has been the Lead writer at The Webmaster for the last 5 years. Having provided technical SEO, WordPresss development, and hosting services for clients, his passion remains to help small businesses and bloggers develop their online presence.

In his spare time, he loves to push his technical knowledge further, and regularly undertakes professional courses on subjects ranging from python development, digital marketing, and Google Analytics.

Find out more about Jonathan Griffin on our About Page.