NinerNet Communications™
Blog

Corporate Blog

Phishing warning for domain registrants

31 October 2015 12:38:00 +0000

We’re seeing what appears to be a concerted “phishing” effort aimed at the registrants of domains. To be honest, the first time we saw one of these emails, the allegations it contained made us angry, and we almost fell for it. This is the classic reaction that “phishers” are looking for — anger, or fear — because those emotions will cause the smartest among us to lose control, perhaps for just long enough to do something stupid.

As always, our best advice is to take a moment to calm yourself down and take a critical look at the email that you have received. It is almost certainly fake.

We have received two different versions of these emails for several domains registered to us, and the emails are likely tailored to the registrar with which you have your domain registered. Below are the emails we’ve received, with legitimate email addresses altered to prevent their being automatically harvested by yet more spammers.

Example 1

From: domainabuse _AT_ tucows.com
To: NinerNet Communications
Subject: Domain ADDRESSGAURD.COM Suspension Notice
Date: Mon, 26 Oct 2015 18:46:54 -0700

Dear Sir/Madam,

The following domain names have been suspended for violation of the TUCOWS, INC. Abuse Policy:

Domain Name: ADDRESSGAURD.COM
Registrar: TUCOWS, INC.
Registrant Name: Domain Administrator

Multiple warnings were sent by TUCOWS, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us by email at mailto:domainabuse _AT_ tucows.com for additional information regarding this notification.

Sincerely,
TUCOWS, INC.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101

Example 2

From: “TUCOWS, INC.” <domainabuse@tucows.com.org>
To: NinerNet Communications
Subject: Domain GIVE-SPAM-THE-SLIP.COM Suspension Notice
Date: Tue, 27 Oct 2015 21:59:41 -0700

Dear Sir/Madam,

The following domain names have been suspended for violation of the TUCOWS, INC. Abuse Policy:

Domain Name: GIVE-SPAM-THE-SLIP.COM
Registrar: TUCOWS, INC.
Registrant Name: Domain Administrator

Multiple warnings were sent by TUCOWS, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
TUCOWS, INC.
Spam and Abuse Department
Abuse Department Hotline: 480-570-6902

The text “Click here and download” was, in all cases, hyperlinked to websites NOT on domains associated with NinerNet or Tucows, the registrar with whom our clients’ domains are registered. You must always take a moment to view (in the status bar of your email program) the URL (address) of the website to which a link will take you, before you click the link.

While the first email was crafted so that it appeared to be sent from domainabuse _AT_ tucows.com — which is a real email address — subsequent messages have arrived from domainabuse@tucows.com.org. Tucows.com.org is not a real domain; however, it does exist as a sub-domain of the com.org domain which, despite how odd it looks, is an actual domain. (It is being “monetised” by its owners, who probably have nothing to do with the spammers/phishers but who have unfortunately set it up in such a way that “tucows.com.org” appears [to both humans and automated anti-spam systems] to be a working domain.) We have configured our mail servers to block messages from the tucows.com.org sub-domain, but if the contact email address for your domain is on a domain we don’t host (e.g., gmail.com, yahoo.com, etc.) then you may still receive these messages. Since tucows.com is a legitimate domain, we cannot block email from it.

As always, if you have any questions about a questionable email that you have received — or one that has made you afraid or angry — please forward it to us and we’ll take a look at it to determine whether or not it is legitimate.


Update, 2015-11-01: Minor corrections, add missing sender email address, add actual domains and remove protection for bogus email address.

Update, 2015-11-03: We’re now seeing these scam emails coming from domainabuse@tucows.com.info, and in this case the “com.info” domain (and any sub-domains) is completely bogus and should be blocked by default to most of our email clients. We checked out what happens when you click the link (don’t try this at home!) and our browser was directed to download a file named “GIVESPAMTHESLIP.COM_copy_of_complaints.pdf.scr”. This is an old trick, naming a file with a “double extension” to try to trick people into opening what they think (in this case) is a PDF file, but which (in this case) is actually (on Windows machines) an executable screensaver file (“.scr”) that can carry a malicious payload. Remember, think before you click!

Rate pages updated

9 October 2015 09:29:08 +0000

In addition to posting the new kwacha rates we mentioned here last week, we have updated all of our rate pages to lower our managed VPS rates in all currencies, and provide a complete list of the huge number of top-level domains (TLDs) that we now offer. In addition to a comprehensive array of country code top-level domains (ccTLDs), we now offer 364 new TLDs, such as (for example) the following:

  • .amsterdam
  • .club
  • .design
  • .golf
  • .irish
  • .london
  • .news
  • .ngo/.ong
  • .ninja
  • .online
  • .rocks
  • .site
  • .space
  • .taxi
  • .tech
  • .website
  • .work
  • .xyz

Please check out the new rates pages:

If you have any feedback, please let us know!

Warning about ongoing domain registration scam

9 October 2015 09:12:28 +0000

Hardly a week goes by that we don’t hear from a client with questions about a spam email that they have received regarding their domain registration(s). We appreciate hearing about these as it gives us the chance to reiterate with individual clients what to look out for in these emails, and to learn about new scams as they arise or determine that the old ones are still running.

One old one looks like the following:

From: Charles Zhang [mailto:charles@yiguandns.com]
Sent: Friday, October 09, 2015 6:01 AM
To:
Subject: yourdomain CN domain and keyword

(Please forward this to your CEO, because this is urgent. Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China. On Oct 8, 2015, we received an application from Huamei Holdings Ltd requested “yourdomain” as their internet keyword and China (CN) domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor or business partner in China?

Kind regards

Charles Zhang
General Manager
Shanghai Office (Head Office)
B06, Yujing Building, No.1 Jihe Road,
Shanghai 201107, China
Tel: +86 21 6191 8696
Mobile: +86 138 1642 8671
Fax: +86 21 6191 8697
Web: www.yiguandns.com

Note that “yourdomain” in the email above is the client’s actual domain, without the TLD — top-level domain, the part to the right of the dot. For example, if your domain is example.com, the subject of this email would be “example CN domain and keyword”. Of course, the actual wording of the subjects and bodies of these scam emails can and do vary, as well as the senders.

These emails are nothing but unsolicited solicitations to register (in this case) the same domain as your existing domain in the dot-cn (China) ccTLD (country code top-level domain) — e.g., example.cn if you already own example.com. There are other variations on these attempts to scare you into registering domains you almost certainly don’t need, usually, we have noticed, in TLDs in East Asia. However, scams like this can and do originate from all over the world. Also, remember that there is no such thing as an “internet keyword”; you cannot buy such a thing, it’s just a general description of a concept.

As always, if an unsolicited email (or, for that matter, phone call, postal letter, fax, smoke signal, etc.) tries to scare you into taking some sort of action — especially if it involves getting you to spend money — it is certainly a scam. Whether it involves domains or anything else, check with a trusted and knowledgeable advisor in whatever industry is involved before you take any action. Don’t even reply to these people, and certainly don’t send them any money.

As always, if you have any questions about emails you have received regarding your domains or hosting, we’ll be happy to address them.

A note to our Zambian clients on the value of the kwacha

3 October 2015 08:13:59 +0000

As you have no doubt noticed too, the recent slide in the value of the kwacha has not escaped our notice.

Although we bill and accept payment locally in kwachas, most of NinerNet’s expenses are paid in foreign currency to offshore suppliers where our servers are located. The reliability of these offshore systems is one of the reasons we’ve heard from our clients for choosing NinerNet over other local companies with data centres in Zambia. Before the current situation, our kwacha pricing had already fallen behind the kwacha’s trajectory against the US dollar, and we were considering options to address this that did not involve a pricing shock to you, our client, and simultaneously laid out plans for future price changes (even decreases) in a predictable manner.

When we first started operating in Zambia we, like many companies, invoiced in US dollars while accepting payment in kwachas. In 2012 the Government issued The Bank of Zambia (Currency) Regulations, 2012, outlawing the use of foreign currencies for domestic transactions. As NinerNet Communications is a Zambian-registered turnover tax company, we complied. For philosophical reasons (not the least of which was to keep our pricing predictable) we did not return to invoicing in US dollars when this law was later rescinded, and the kwacha rates we set in 2012 have not changed in the three years since.

Unless the kwacha loses further value in a short period of time, this is an issue that we will deal with gradually over the next few months by bringing our kwacha rates back into line with the kwacha’s value against the US dollar.

Effective with our October 2015 invoicing at the middle of the month, our rates will increase by K3.00 per US dollar — i.e., from the K5.50 per US dollar we set in 2012 to K8.50 per US dollar. In other words — to use our most popular hosting plan (webONE) as an example — if the monthly rate was K82.50, the rate effective with this month’s billing will be K127.50. Similarly, our price for generic top-level domains (e.g., dot-com) will increase from K104.50 per year to K161.50 per year. (We will leave the price of our alternative top-level domain for Zambia [dot-zam.co] at K66.00 per year.) You can use our US dollar rates page to see where things are going; our kwacha rates page will be updated in the next few days to reflect rates at the current exchange rate that will be charged for all NEW business.

Something important to note is that accounts that are already paid up to a certain expiry date will NOT be affected. In other words, if your expiry date is set at 1 June 2016 (for example), your hosting will still expire on that date and you will not be billed anything extra. This will also continue to apply into the future; your expiry date will remain your expiry date no matter what happens to the exchange rate in the meantime. Refunds for cancelled hosting will be refunded at the rate that was paid at the time the service was invoiced.

We would like to return to stable and predictable kwacha rates as soon as possible. Assuming that the exchange rate does indeed stabilise in the near term, we will look at revising our kwacha rates — up or down, as the case may be — every three months going forward to avoid sudden changes like the one we are being forced to implement today. Of course, if there are any wild swings like there have been since the beginning of September we will have no choice but to react more quickly.

We welcome any feedback you may have on our plans. Thank-you for your understanding, and thank-you for your business.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: