
Sucuri Blog


Domain Renewal Phishing Scams

June 21, 2016, by Alycia Mitchell

Update: I received another letter this year (May 2017). Seems iDNS Canada is still in business.

When I received a letter in the mail asking me to renew my domain name, I immediately recognized it as a scam.

The letter was designed to look like a bill, even including a return envelope for me to send payment to a company called iDNS Canada. I’d never heard of them before.

[Image: domain renewal scam letter]

The letter starts with a notification that my domain name is expiring soon and I can take advantage of their “best savings” by switching my registrar to Internet Domain Name Services. The scammer is taking precautions to avoid legal trouble, but the entire letter is designed to be misleading. They even explain that I’m under “no obligation to pay” – bolding the words “this is not a bill.”

As with most social engineering scams, the use of personal information is what hooks victims into thinking a scam is credible. This letter included my domain name, accurate expiry date, and home address. All of this information is publicly available in my WHOIS records (which would’ve been private if I had purchased domain protection through my registrar – more on that later). All the scammer had to do is gather a list of domain owners’ information and plug those variables into a form letter.

It’s also worth noting that these kinds of “offline scams” prey on people who inherently distrust doing business on the internet. Some people consider offline communication to be more trustworthy. Everyone expects spam in their inbox, but not in their mailbox.

Registrar Scam

This is not a new scam; in fact, it’s been around for about fifteen years:

Domain slamming – (also known as unauthorized transfers or domain name registration scams) is a scam in which the offending domain name registrar attempts to trick domain owners into switching from their existing registrar to theirs, under the pretense that the customer is simply renewing their subscription to their current register. – Wikipedia

Someone spent time and money to put this campaign together. They paid postage. Color printing. That stuff is not cheap. They probably even paid for the list of users they targeted. It is clear they are making money. Despite all of their effort, there are still visible cracks in the pavement.

  • They offer a website you can visit – www.idns.ae – the .ae TLD is for the United Arab Emirates – but when you visit the site it currently redirects to idns.to (.to is the TLD for Tonga). Phishy on both counts.
  • Secondly, a registrar is never going to send you snail mail. Period.

If I were less familiar with phishing scams, maybe I would have mistaken this for a legitimate notice. Even the name iDNS Canada sounds official to an unsuspecting victim.

What Happens to Victims?

When someone actually sends payment, there are several things that can happen. For one, the scammer now has your credit card information and can begin charging you outrageous fees whenever they like. They also can take control of your domain.

The prices for domain renewal are about 4x the normal price offered by other registrars. On top of this, they also require a “redemption fee” of $300 which they hide at the bottom of the pricing table:

[Image: redemption fee in the domain renewal pricing table]

My colleague Denis Sinegubko dug up some more information about the company. Its other names and related businesses, mostly resellers of Brandon Gray Internet Services, include:

  • Domain Registry of Europe
  • Domain Registry of America
  • Domain Registry of Canada
  • Domain Registry of Australia
  • Domain Renewal Group
  • Domain Renewal SA
  • Internet Corporation Listing Service
  • Internet Registry of Canada
  • Asian Domain Registration Service
  • Liberty Names of America
  • Registration Services Inc.
  • Yellow Business.ca
Related domains:
  • idnsinc.at
  • idnsinc.com
  • idns.as
  • idns.to
  • DomainRegister.com.au
  • DomainRenewalGroup.com
  • droc.ca
  • namejuice.com

Future Phishing

There are over a billion websites online today, many of them owned by people who lack a technical understanding of how the web works. These website owners make prime targets for social engineering and tech support scams. This is why it’s so important that the convenience of technology is tempered with education about the risks involved with having an online presence.

For example, if my WHOIS records were private, I would have never received this letter. Domain privacy is an optional yearly service you can pay for through your registrar to protect your WHOIS records. Many website owners don’t even know what WHOIS records are in the first place, and those folks are the most vulnerable to this type of spam campaign.
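The exposure described here, and in the earlier paragraph on what the letter pulled from WHOIS, can be checked from the domain owner's side. The following is an added example, not code from the original post: it parses a WHOIS response to list which registrant fields are publicly readable, and checks whether a renewal notice's sender is the registrar of record. The WHOIS text, field names, redaction markers and function names are constructed assumptions; real responses vary by registry.

```python
import re

# Constructed WHOIS response for illustration; field names vary by registry.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2017-08-14T04:00:00Z
Registrant Name: Jane Doe
Registrant Organization:
Registrant Street: 123 Constructed Ave
Registrant Email: jane@example.com
Registrant Phone: REDACTED FOR PRIVACY
"""

# Assumed heuristics: strings privacy services commonly put in masked fields.
REDACTION_MARKERS = ("redacted", "privacy", "proxy", "not disclosed")
CORPORATE_SUFFIXES = {"inc", "llc", "ltd", "corp", "co"}

def parse_whois(text):
    """Return {lowercased field name: value}, keeping the first occurrence."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record

def exposed_registrant_fields(record):
    """Registrant fields anyone can read: non-empty and not masked."""
    return [
        key for key, value in record.items()
        if key.startswith("registrant ") and value
        and not any(m in value.lower() for m in REDACTION_MARKERS)
    ]

def _normalize(name):
    """Lowercase word tokens with corporate suffixes dropped."""
    tokens = re.findall(r"[a-z0-9]+", name.lower())
    return tuple(t for t in tokens if t not in CORPORATE_SUFFIXES)

def sender_is_registrar_of_record(record, sender_name):
    """True only if the notice's sender is the registrar named in WHOIS."""
    registrar = record.get("registrar", "")
    return bool(registrar) and _normalize(sender_name) == _normalize(registrar)

if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print("Publicly readable:", exposed_registrant_fields(rec))
    print(sender_is_registrar_of_record(rec, "Internet Domain Name Services"))
```

Any field the first function returns is one a form letter can be filled in from, and a notice whose sender fails the second check is asking for a registrar transfer rather than a renewal.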

The phenomenon of phishing against website owners will only get worse over time:

  • The gap between the user interface (what you see) and the underlying structure of the web (how it’s built) is becoming more expansive, allowing new website owners to remain ignorant of the internet’s true architecture.
  • Personally identifiable information is being bought, sold, traded, and shared at an exponential rate. In time we will certainly see more sophisticated scams making use of increased access to social engineering vulnerabilities.

Conclusion

People are naturally scared of what they don’t understand, and phishing scams are designed to play on that fear and trust.

Phishing is something we see all the time. Most often, we see it in a very amateurish form that is easy to detect. This letter is no exception. Just take a look at your spam folder. The problem is that sophisticated, targeted phishing does exist. Social engineering is becoming more complex and effective. What if the scammer took a few extra steps? It’s not difficult to find out who is hosting a website and then copy all of their marketing material. Spoofing, lookups, and sharing techniques are growing more complex all the time. The truth is that black hats are not going away and they are getting smarter.

I feel confident that I can spot a phishing attempt because I’m hypervigilant when it comes to verifying my sources before proceeding. I wouldn’t call it paranoid – I’m just prepared for a truly formidable phishing scam. With all this unprecedented access to personal information, it’s only a matter of time before they become commonplace.

Categories: Security Advisory, Security Education
Tags: Black Hat Tactics, Phishing

About Alycia Mitchell

Alycia Mitchell has been Sucuri’s Marketing Manager since 2014. Alycia's main responsibilities include analytics and content strategy. Her professional experience covers 10 years of SEO and digital marketing for cybersecurity. When Alycia isn’t deep in spreadsheets, you might find her exploring nature. Connect with her on Twitter.

Comments

  1. AndyT

    June 21, 2016

    Thanks for sharing useful information – too often people are scared into accepting opaque agreements.

  2. Jorge Muchacuar

    June 21, 2016

    Once again, thank you very much for the information.

    • Alycia

      June 21, 2016

      Thank you! We will post the translation here soon: https://blog.sucuri.net/portugues/

  3. Keith Klein

    June 21, 2016

    Well written. Thanks. One question…can you cite the source for your statement that “There are over a billion websites online today” please?

    • Alycia

      June 21, 2016

      Thanks!

      I actually got it from the post Tony wrote last week:
      https://blog.sucuri.net/2016/06/growing-ddos-threat-website-owners.html

      Here is the original source:
      http://www.internetlivestats.com/total-number-of-websites/

  4. saraboulos

    June 28, 2016

    I’ve been getting these for a few years now. These guys are douchebags.

  5. Sona Mathews

    July 4, 2016

    I have also received an email which seems like a renewal phishing scam yesterday showing that my domain is about to expire. Thank God that I know already when to renew my domain so I deleted that fake email.
