Phishing is a type of email scam that cybercriminals use to steal credit card or personal identifying information. The Anti-Phishing Working Group (APWG) reported that 125,215 attacks occurred [PDF 1.28 MB] in January through March of this year alone, which reminds us to be suspicious of "too good to be true" offers you receive in email, even if they appear to come from places you interact with or trust, including ICANN.
Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to "click here" to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN's branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.
Phishing attacks frequently employ the use of familiar imagery, visuals and language associated with well-known brands in order to trick recipients into believing they come from a valid source. In recent years, scammers have grown especially adept at mimicking real communications, so it's especially important that registrants take note of any suspicious or unsolicited emails coming from ICANN.
The security of our community remains one of our key priorities. While ICANN is actively investigating these scams, we recommend that registrants also take steps to protect their personal information. If you receive an email similar to the one described above, follow these steps:
- Be suspicious of any email that offers domain renewal services from ICANN. As a reminder, ICANN does not process domain registrations or collect fees from registrants directly. All fee collections are transactions between the registrar and the registrant.
- Report any scams to ICANN immediately via an email to Contractual Compliance at firstname.lastname@example.org. Where possible, please provide a copy of the suspicious email.
- Contact your sponsoring registrar directly for any concerns about the status of your domain name.
While cybercriminals are always looking to exploit people's good intentions, it serves as a reminder to always use email security best practices. If you think an email is suspicious, always avoid clicking on any links in the message.