NinerNet Communications™
Blog

Corporate Blog

Warning about sexual blackmail/extortion scam emails

13 April 2021 09:32:21 +0000

We have, in the past, warned of sexual extortion and blackmail emails. These reared their ugly heads in 2018, and have continued to circulate in various forms since. I have received them myself, and they are unnerving.

Today we warn you again, but with added urgency because we know of someone who has fallen for this scam. This is not unusual, because people fall prey to these scammers every day, but it is even more saddening when it’s someone you know.

Here is the email they fell for:

From: KJi
Sent: April 05, 2021 1:23 AM
To: Recipients
Subject: Evidences Against You

Hello,

It’s so shameful how people can’t be satisfied with their marriages.

We know you are cheating on your spouse and this has been backed-up with
evidences from your hacked mobile device for your fyi.

Just a little favor from you to me can go along way in esnuring things don’t
get bitter with your spouse finding out.

Kindly send an equivalent of 1200$ worth of bitcoin to this wallet
:bc1qt9fx8fz2fydy0q5h0ruvd30a7ujqxmx80hn3tn

Trust me, this is very little compared to what will happen if you don’t
cooporate with us and i believe you love your family no matter what.

In 48hrs time,if we don’t receive this token of 1200$ worth of btc from you,
you will receive pictures and screenshots via email and same will be sent to
your spouse as well.

Your time start counting now and note that any attempt to file a complaint
will not result to nohing as this e-mail cannot be traced and same as my
bitcoin id.

If, by any chance I find out that you have shared this message with anyone
else, I will make things go viral immediately

Rdgs,

KJ

Note all the spelling, grammatical and punctuation errors.

There is no way for this person to get their money back, as there is no way to find the scammer. And it is a scam; the sender does not have any “evidences”. It’s a shot in the dark, and the chances of their mass email finding someone who really is being unfaithful in their marriage — and are feeling guilty and don’t want to be outed — are actually pretty good!

Please take this warning seriously, and don’t be fooled by these emails. They are just scams. We strongly suggest that you circulate this information to your colleagues, co-workers, employees, family and friends. Knowledge is power against the scammers.

Compendium of scam emails

13 April 2021 09:26:41 +0000

Scam and “phishing” emails arrive daily by the truck load. We can’t send a warning every time we ourselves get a scam or phishing email. If we did, our own emails would become just noise in the background.

However, we present here eighteen screenshots of scam, spam and phishing emails that we have received or seen over the last four years. If you’re not sure what one of these emails look like, we encourage you to look these over. The approaches vary, but here are some common factors:

  • They advise you that your email account is over quota, and you must take some immediate action to prevent catastrophe — i.e., the loss of all your email.
  • Your email account is being closed or upgraded.
  • The webmail for your account is being upgraded, and you have to take action.
  • Your domain is being cancelled or expired within a few hours or a couple of days.
  • Payment for the renewal of your domain is overdue.
  • Wordy expiration notices that are unclear about what exactly is expiring and how it could theoretically affect you.
  • Domain SEO (search engine optimisation) notices made up to look like invoices for domain renewal.
  • Emails with links that disguise the true destination to which you are clicking. Always check the status bar in your email program or app — before you click, while hovering your mouse pointer over the link — to determine whether or not your browser will really be going to a domain you recognise — e.g., niner.net if you are a NinerNet Communications client.
  • Emails that try to sound like they come from your own company’s IT department, complete with copyright notices.
  • “Final” renewal notices that are a surprise.
  • Fine print at the end of the email that makes ludicrous statements that contradict the meat of the email, such as, “We do not directly register or renew domain names” or “THIS IS NOT A BILL” (in an email that looks like it’s a bill to renew your domain); “We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading” (in an email that tries to mislead you into paying what looks like an invoice).
  • Urgent server warnings, that aren’t urgent server warnings at all.

NinerNet Communications is judicious about how many emails we send out, and how often we do. We’re also careful to ensure that we use proper spelling and grammar. Our emails do not contain copyright notices and pages of meaningless legal notices. (Maybe they should, but currently they don’t. We’re real people who tend to believe that our clients are also real people with brains.) With that in mind, here is a non-exhaustive list of things you should look for to determine if an email you’ve received really is from NinerNet and if it’s legitimate:

  • Is it from an email address on the niner.net domain? (Configure your email program or app to show you the sender’s actual email address, not just their name.) If it’s not, it’s not from us and you can probably ignore it if it claims to be about your hosting or domain.
  • Does it try to scare you or make you angry, such that you might take immediate action? If it does, it’s definitely not from us.
  • Is it in HTML or “rich text”, with different colours and types of fonts, and does it contain images or things that look like buttons (especially that say “secure online payment”)? It’s very likely not from us.
  • Are there copyright notices in the email? Definitely not from us.
  • Does it flatter you with words such as “esteemed” or “valued”? Not from us. (You are esteemed and valued, for sure; we just don’t lay it on thick with you!)
  • Does the email address you by the name in your email address? For example, if your email address is accounts@example.com, does it address you as “accounts” as if that was your name? Not from us.
  • Does it ask for personal information or ask you to update or confirm personal information? Very likely not from us unless you’re a brand new client.
  • Look very carefully at the sender’s address. Does the font on your email program make some letters look like others? For example, if the sender looks like bob@example.com, are you sure his domain isn’t exarnple.com? With some fonts the “r” and the “n” together look like the “m” in “example”.

Of course, the above checklist can be applied to any email you receive, including emails that purport to be from your bank.

Attachments: Don’t open attachments from unknown senders or that you are not expecting, even from known senders. Also make sure you have anti-virus software installed.

Our automated notices telling you that your mail box is full, or close to it, are extremely brief and do not try to scare you or offer you links to “free upgrades” or anything like that.

If you click on a link in an email and enter information on a form — especially a password — and then realise that it’s a scam/phishing, immediately change that password. You should also contact NinerNet, or whoever that account is with, to inform them what has happened.

Finally, when we do send you an email to advise you of something that applies to all (or most) clients — such as server moves, upgrades, etc. — we include a link to our blog (blog.niner.net) so that you can confirm that information.

Below, then, are the eighteen screenshots of scam, spam and phishing emails. The first is particularly noteworthy, as it is a sexual blackmail/extortion scam that seeks payment via Bitcoin. It and similar emails will be the subject of our next blog post.

If you have any questions, please contact NinerNet support. Thank-you.

Sexual blackmail bitcoin email scam.

Sexual blackmail bitcoin email scam.

Quarterly kwacha rate review, Q2 2021

1 April 2021 00:00:32 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 5%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 345.00
  • mailONE hosting plan (monthly): ZMW 230.00
  • gTLD domain (annually): ZMW 435.00

Our new kwacha rates will be online within 24 hours.

A couple of issues today

27 January 2021 10:28:08 +0000

We, as well as some clients today, have received phishing emails advising the recipients to follow a link to deal with emails that have been quarantined or “suspended” on the mail server. These emails are scams, and do not come from addresses on the niner.net domain. Do not click on the links, and delete the emails.

Secondly, we are aware that the primary mail server’s IP address is in at least one new blacklist as a result of our data centre being blacklisted. If email you send is bounced for this reason, please advise us and we will re-route email to that domain via one of our relay servers.

Please contact NinerNet support if you have any questions or need to report something. Thank-you.

Quarterly kwacha rate review, Q1 2021

1 January 2021 09:06:44 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 7%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 330.00
  • mailONE hosting plan (monthly): ZMW 220.00
  • gTLD domain (annually): ZMW 425.00

Our new kwacha rates will be online within 24 hours.

Christmas wishes and hours

21 December 2020 03:28:02 +0000

After a year like no other, worldwide, we look forward to a fresh start in 2021! Unlike in previous years we’re not using this opportunity to announce reduced hours over Christmas. NinerNet support is and will be available during the same regular hours you’re used to, and our systems continue to be monitored 24/7. Please contact us if you need us.

We sincerely thank you for your business this year. I know that for some of you it has been a difficult year financially, but with a COVID vaccine on the horizon I hope that you, your colleagues, employees and families will have a much better 2021 as you ramp up for an approach to normality in 2022. In the meantime we wish you and everyone in your organisation a Happy Christmas, and a prosperous New Year.

All the best.

Upcoming changes to mail servers

20 December 2020 12:52:47 +0000

The email world is constantly evolving. More to the point, spam is a never-ending arms race. We have made some changes to our email system, and in the New Year we will be making more.

So far all we have done is add a second alternative route for outbound emails. This gives us (and our clients) a third possible point from which emails can be delivered to your recipients. This action is the result of our data centres’ IP addresses finding themselves in more blacklists as a result of poor management, and the bad behaviour of their other customers.

Our use of this service will result in some very minor changes to the headers of some of these emails when viewed by the recipients. Almost nobody pays any attention to the headers of emails until there is a problem, but we are telling our clients this in advance so that you are aware of it.

There is nothing you need to change in your email programs or apps. The only thing you need to do is forward errors to us if a bounce message for an email you have sent refers to being blocked, as opposed to the destination address not existing or being full. If your email was blocked we can divert future emails to that domain via an alternative route. This option has always been available, but for the reason stated above we’re getting more reports now than in the past.

That addresses an immediate issue. Plans were already in progress for a scheduled upgrade to our primary mail server, but now they have an additional focus: We will be setting up a new mail server in another data centre where the reputations of their IP addresses are an explicit priority.

This plan will probably protect NinerNet for a couple more years. However, with the way the email world is moving, there are some predictions that all IP addresses will eventually be blocked from sending email except for a select few. I don’t believe I need to explain how this will concentrate power over email in the hands of a few, and how detrimental this will be, so we expect that reputable data centres will oppose this. Those are the kinds of data centres we want to work with, but we will maintain accounts with third-party relay providers just in case.

We will be posting more on the subject of email, specifically details of our migration, and information you need to know to ensure that your email will not be considered spam, either by us, our spam filters or your customers.

Please contact NinerNet support If you have any questions or concerns. Thank-you.

Zambian domain registrars again taking detrimental action

28 November 2020 04:23:18 +0000

In April we informed you that we had achieved ZICTA accreditation through our partner Preworx. The primary motivation for doing this was to provide reliable domain registration service to Zambians because, as is shown in this blog, the Zambian ccTLD (country code top-level domain) has been very badly managed by the accredited/registered ISPs that provide registrar service. By becoming an accredited registrar ourselves we hoped (and continue to hope) that we could bring our legendary customer service to dot-zm registrants, to give them peace of mind that their domains will operate as expected.

Since April we have taken a number of actions to provide improved service to dot-zm registrants:

  • We have rescued quite a number of domains that were registered through Coppernet,
  • We have helped the registrants of some domains that were previously hosted with or registered through Microlink,
  • We set up an example domain at example.com.zm,
  • We have updated the WHOIS information for all domains that we’ve transferred in from other registrars, so that they are using current and correct contact information and are compliant with all expected norms as far as contact information is concerned,
  • Many domains transferred in from other registrars had expiry dates as long as ten years ago, but all domains have been renewed up to the present, and
  • We have brought some domains “home” from overseas where they were managed by companies gouging Zambians for hundreds of US dollars per year for domain registrations.

We have also been able to use our status as a registrar with direct and established contact with ZICTA to address a number of situations where dot-zm domains were unduly taken offline due to actions taken by their previous registrars. Most recently this took place yesterday (27 November) when domains that are with the registrar AfriConnect (officially, but also known as iConnect and now “inq.”) were taken offline because their nameservers were changed by iConnect/inq without request or authorisation from the registrants. This took these domains offline all day yesterday until finally, at the end of the day, they were restored to working condition again.

Similar issues have taken place with Zamnet and Coppernet in the past, although the latter is no longer in business and the issues with the former took place before our accreditation, so we were not able to do anything except sit on the sidelines and shout! In one recent case a client’s dot-co.zm domain, registered with Zamnet, was down for over a month before it was sorted out by Zamnet! The expiry date on that domain still shows as 2015 in the WHOIS!

These situations are all examples of the fact that dot-zm domains registered with anyone other than NinerNet are in jeopardy of going offline at any time with no notice to the registrants or NinerNet. This is intolerable. Although it is not a technical requirement, ever since April we have insisted that new clients transferring in existing dot-zm domains to our hosting service also transfer their domain registration for management by NinerNet/Preworx. Any existing clients who choose not to transfer their domain registrations to NinerNet will be pointed to this blog post to ensure that they are aware of the risk they are taking if they leave their dot-zm domain registered with another registrar.

Finally, we are continuing to sell dot-zm domain registrations, renewals and transfers for K175.00 per year (50% off!) until 31 December 2020. Contact NinerNet today to arrange for the registration, renewal or transfer of your dot-zm domain!

Quarterly kwacha rate review, Q4 2020

1 October 2020 00:00:19 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 8%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 307.50
  • mailONE hosting plan (monthly): ZMW 205.00
  • gTLD domain (annually): ZMW 389.00

Our new kwacha rates will be online within 24 hours.

Microlink has apparently shut down

14 September 2020 03:24:27 +0000

Microlink last week apparently sent an email to their customers stating that they were suddenly “shutting down their hosting services”. According to some reports, there weren’t many customers left to send the emails to. However, one of them contacted us and with cooperation from ZICTA we were able to transfer their dot-zm domain under our management, and we got them back online the same day.

However, another former Microlink customer who contacted us wanted to get their @microlink.zm email address working again. We had to inform them that we are unable to do that, because we don’t manage the microlink.zm domain and its DNS and email accounts. It remains under the management of Microlink, or whatever is left of it.

We did contact the (apparently) former IT manager at Microlink (Sanjeev) to offer assistance with moving clients to new hosting and to host email on microlink.zm, but we have not had a response … and quite frankly don’t expect one.

If you are a former hosting customer of Microlink — i.e., you have your own domain, dot-zm or otherwise — that was hosted with them, please contact us and we will assist you in getting your domain back online as quickly as possible. We have the expertise and experience.


Update, 2020-09-18: Although we can’t replace what you lost when Microlink shut down unexpectedly, we can try and ease your pain. If you contact us and sign up before the end of September 2020, we will host you for no charge for ONE YEAR (for a maximum of 25 email addresses), including bringing your dot-zm domain registration up to date. Click here to contact us by email now.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrant transfers registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: