Posts

  • Domain name scams are making the rounds in hopes of triggering a response from a company’s employees out of fear. 
  • The Identity Theft Resource Center (ITRC) recently received a domain name scam claiming a registrar found the main body of domain names from “RENDE International Ltd.” that were the same as the ITRC’s. 
  • If anyone receives a similar email, ignore it. Never share personal or sensitive information with an unknown company.  
  • For more information, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website. 

Domain name scams are making their way through different companies, including the Identity Theft Resource Center (ITRC). The scam is well-known, but small-to-mid-size businesses (SMBs) can be tricked into responding. While scammers send the email in hopes of triggering a response out of fear, it is important employees at businesses of all sizes be able to spot the domain name scam. 

Here is one of a few of the emails that the ITRC recently received: 

Who It Is Targeting 

SMBs; Email users; Employees of companies with websites 

What It Is 

A CEO domain name scam is an email that appears to be a warning for the website owner regarding possible issues with their brand and domain name.

In the case of the ITRC, the email claims a website registrar found the ITRC’s domain name was also being used by “RENDE International Ltd.” The email asks for a response ASAP to “solve the problem promptly.”  

What They Are After 

Scammers hope that companies fear losing their brand identity or trademark information to a competitor that will purchase new domain names. The “registrars” may also charge higher prices than the standard rates offered by reputable registrars.  

How You Can Avoid It 

  • Do not respond to the email. Only renew a domain name through the company where it was initially purchased.  
  • Use the company email provider’s “spam” feature to report the email as junk. 
  • Never share personal or sensitive information with an unknown company. 
  • Companies should train their employees on how to respond to domain name scams and any  attempted scams that could affect the company. 

For more information on how an SMB, or any other company, can avoid a CEO domain name scam, contact the ITRC toll-free at 888.400.5530 to speak with an expert advisor. You can also live-chat through the company website.  

Phishing attacks are nothing new. However, with scammers increasingly using sophisticated and new methods of harming recipients that experts are not as familiar with, being able to identify a phishing attack has never been more important. They can arrive as emails, texts, social media messages, phone calls or links to websites which appear to come from someone the victim knows or a legitimate business. It might look like a boss or co-worker, someone in an email contact list, a bank or a consumer’s favorite retailer.

Trusted brands are used to provide an air of credibility for scammers, who capitalize on the good reputation and relationships these brands have built. Some brands that have been used in phishing attacks to target consumers include Wells Fargo, Zoom, American Express, Apple and Microsoft. The companies being used are not involved in these scams; in many ways, they are victims of the scammer as much as the targeted consumer.

Every phishing attack has a different goal, depending on what kind of ruse they are using. Some use links or attachments to insert malicious code on the user’s device so they can collect more information. Others attempt to steal people’s personal and business usernames or passwords,  and others still try to get someone to click on a well-disguised link so they can divert them to a place where the user enters even more information that the fraudster will use to his or her benefit. While phishing attacks have different objectives, the attackers’ primary goal is to steal the information needed to scam individuals and businesses.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things people should keep in mind when trying to identify a phishing attack.

Check the email address and URL to make sure it is not fake

Check unexpected inbound messages very carefully, paying special attention to the sender’s email or website address included in the message; they might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website link is Citibank.card.shop.com (as an example), instead of the company’s actual web address, again, it is probably fake. Always go back to the source of the email (or in this case, the company that is being represented) and check for alerts about potential scams of which they are already aware. Many times, the company is aware and has posted information about the scam.

Never click on an unknown link or open an unexpected attachment

Received an unexpected email, text, social media message or phone call with a link or an attachment?  Consumers should reach out directly to the purported “source” of the communication to verify the validity of the message before clicking on a link or opening an attachment (as mentioned above). Clicking on a malicious link or opening a bogus attachment could lead to someone’s personal information being stolen or infect the device with malware.

Check the message for grammatical errors and awkward phrasing

Read unexpected messages carefully and with a critical eye. Grammatical errors and awkward language are two quick indicators that the email isn’t sent by the company indicated. In trying to identify a phishing attack, customers should remember that companies do not send out emails or other messages with glaring errors – in most cases, large, reputable companies have teams checking their communications for just those types of issues. Smaller businesses may have a looser communication style, but loyal customers will know if something is “off.”  If someone sees any strange mistakes, that is probably a sign it is a fake. In fact, sometimes spelling mistakes are intentional so that only more gullible recipients will interact.

Never trust the caller ID

Do not go by what the caller ID may say. It is easy for a scammer to change the phone number or screen name to say anything, like “IRS” or “County Sheriff’s Department.” If someone calls with an attempt to verify identity information or demands for some kind of payment, consumers should hang up immediately and initiate contact with the company directly using a verified phone number from a trusted source. Here’s a tip: people should put numbers in their contact list for companies that are used regularly – but name them something only they would identify. For example, list the bank as “Bank on 4th & Main St.” instead of by the bank’s name. That way, if there’s an inbound call from the number, the person receiving the call will know they can trust it.

Remember that in many cases, fraudsters are using websites that look like the companies they are pretending to be. A web search could also bring someone to a potential fraudulent site. People should always treat the search results with the same critical eye as they would these other steps.

Phishing attacks can be confusing because of how close to real they can look or sound. Scam websites, emails, phone calls and text messages that mimic trusted brands will continue. However, by implementing these tips to identify a phishing attack, it will help reduce the risk of falling for a phishing attack.

Anyone with additional questions about phishing attacks, or believes they have been a victim of one, can call the Identity Theft Resource Center toll-free at 888.400.5530 to speak with an expert advisor. They can also use the live-chat feature on the website to get the help they need.


You might also like…