Threat Intelligence Blog

Posted September 9, 2008

Cyveillance has recently observed an increase in the volume of spam email related to a domain registration scam. This scam typically targets individuals in Fortune 500 companies and attempts to create a sense of urgency around the need to register country code top-level domains (ccTLDs) before a fictitious holding company purchases them, making them unavailable. Many of the ccTLDs we have seen include:

• hk
• tw
• asia

The scammers portray themselves to be good corporate citizens by informing companies of the registration inquiry. However, we know better. Their agenda is to try to entice the target company to register the Asian domains quickly at a superficially high rate.

Cyveillance recommends the following actions if/when someone in your organization receives one of these emails.

1. Follow your company’s Domain Registration Policy. If you would like to own any of the domain names listed in the scam email, contact a reputable registry to purchase these domains though your normal channels.
2. Delete and ignore the messages as you do with conventional spam. You are not required to take any action, so do not respond or engage in negotiations with the scammers at all.
3. It is still your trademark/brand and you have a right to defend it. You should not be extorted into buying domains prematurely. If any of the domains listed in the emails are ever registered by companies that do not have a relationship with you, you have the right to send Cease & Desist letters or to engage in the UDRP process to recapture that domain.

Shown below is just one example of the emails received.

From: xxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, August 20, 2008 5:18 AM
To: xxxxxxxxxxxxxxxxxxxxxxx
Cc: Platinum Card Mailbox
Subject: xxxxxxxxxxxxxxxxx Domain Names

Dear CEO,

We are SK Net Service Company Ltd, which is the domain name register center in China.I have something need to confirm with you.
we have received an application formally,one company named “MAIRHK Holdings Limited” applies for the domain names
and the internet Brand Name(xxxxxxxxxxxxxxxx)on the internet Aug 19, 2008. We need to know the opinion of your company, because the domain names and keywords may relate to the usufruct of brand name on internet.
we would like to get the affirmation of your company, please contact us by telephone or email as soon as possible. Please let someone in your company who is responsible for trademark or intellectual right contact me freely.

Best Regards,

Sponsoring Registrar:
SK Net Service Company Ltd
Add: 3A, Units 20/F, Far East Consortium Bldg,
121 Des Voeux Road, Central, Hong Kong
Tel: +852-3075 9838
Fax:+852-3177 1510 +852-3177 1520

Additional Posts

Scads hurt everyone.

What is a “scad”? Scads are deceptive sponsored search results that usually appear at the top ...

How Protected Are We Really Against Malware?

Fueled by scalability and ease of use, it is not surprising that malware attacks delivered via the ...