
Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails


Phishing is a type of email scam that cybercriminals use to steal credit card or personal identifying information. The Anti-Phishing Working Group (APWG) reported that 125,215 attacks occurred [PDF 1.28 MB] in January through March of this year alone, which reminds us to be suspicious of "too good to be true" offers you receive in email, even if they appear to come from places you interact with or trust, including ICANN.

Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to "click here" to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN's branding and logo and include these both in the body of the email message and on the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.

Phishing attacks frequently use familiar imagery, visuals and language associated with well-known brands in order to trick recipients into believing they come from a valid source. In recent years, scammers have grown especially adept at mimicking real communications, so it's important that registrants take note of any suspicious or unsolicited emails that appear to come from ICANN.

The security of our community remains one of our key priorities. While ICANN is actively investigating these scams, we recommend that registrants also take steps to protect their personal information. If you receive an email similar to the one described above, follow these steps:

  • Be suspicious of any email that offers domain renewal services from ICANN. As a reminder, ICANN does not process domain registrations or collect fees from registrants directly. All fee collections are transactions between the registrar and the registrant.
  • Report any scams to ICANN immediately via an email to Contractual Compliance at compliance@icann.org. Where possible, please provide a copy of the suspicious email.
  • Contact your sponsoring registrar directly for any concerns about the status of your domain name.

Cybercriminals are always looking to exploit people's good intentions, and this scam serves as a reminder to always use email security best practices. If you think an email is suspicious, avoid clicking on any links in the message.
