A new way of fraud has appeared: domain pseudo-registrars
Dear readers! Today for morning coffee, we are faced with a new, rather original way of fraud on the Internet. At the next check of mail the interesting letter was found:
It follows from it that the registration term of the domain that belongs to me expired yesterday and I have to pay for it. The letter looks plausible, there is my data (which, however, is publicly available in WHOIS), apart from the fact that I know my registrar, and I know that $ 75 a year in the .com zone is definitely not worth it.
Follow the link “Secure online payment” and get to the fun page where we are asked to enter complete credit card details:
')
Needless to say, rogues did not even bother to buy an SSL certificate for propriety, and critical authentication data such as credit card data should always be transmitted via a secure protocol. They did not bother to make the main page more similar to the domain registrar:
We are watching WHOIS on the domain of enterprising guys, as was supposed, the site is a one-day, registered a week ago:
Hurried, apparently already wanted to start collecting money as soon as possible: the implementation of the crooks obviously disappoint. But in any case, I can not fail to note that this kind of phishing and the way of taking money from the population is new and very creative: the combination of social engineering with the use of publicly available information from WHOIS is evident. I am sure many people will fall for scammers.
Friends, be careful!
It follows from it that the registration term of the domain that belongs to me expired yesterday and I have to pay for it. The letter looks plausible, there is my data (which, however, is publicly available in WHOIS), apart from the fact that I know my registrar, and I know that $ 75 a year in the .com zone is definitely not worth it.
Follow the link “Secure online payment” and get to the fun page where we are asked to enter complete credit card details:
')
Needless to say, rogues did not even bother to buy an SSL certificate for propriety, and critical authentication data such as credit card data should always be transmitted via a secure protocol. They did not bother to make the main page more similar to the domain registrar:
We are watching WHOIS on the domain of enterprising guys, as was supposed, the site is a one-day, registered a week ago:
Hurried, apparently already wanted to start collecting money as soon as possible: the implementation of the crooks obviously disappoint. But in any case, I can not fail to note that this kind of phishing and the way of taking money from the population is new and very creative: the combination of social engineering with the use of publicly available information from WHOIS is evident. I am sure many people will fall for scammers.
Friends, be careful!
Source: https://habr.com/ru/post/258519/
All Articles