What You Should Do If You Receive A Suspected Fraudulent ICANN Email
Fraudulent ICANN emails
Criminals impersonate trusted senders in email to gain your trust so they can obtain access to sensitive data. These phishing emails may appear to come from various sources including ICANN, your registrar or registry, or other business partners.
The security of our community remains one of our key priorities. While ICANN takes steps to investigate certain types of misuse, you must take steps to protect your personal information at all times. Fortunately, there are ways you can make sure a specific email really comes from ICANN.
Phishing and scam emails typically use deception such as forging a trusted sender’s address or domain or using a similar or lookalike domain. Scam messages typically ask for the reader to reply, call a phone number, click a link or open an attached file to steal personal information.
If you receive a suspicious email, please FORWARD it to email@example.com. Our team can take a look to determine if it's a fake. If it is, we'll work to get the source of the email shut down if possible. Reporting these emails helps protect the entire ICANN community.
Note: Please FORWARD the suspect email –– don’t cut and paste the contents, because valuable tracking information about the source will be lost.
We've provided some hints about identifying fake email below, but scammers adjust their tactics. So, if you have any doubts, please forward suspicious email to our Global Support team for review.
If you receive a suspicious email appearing to come from ICANN:
- Avoid clicking on links or opening attached files.
- Forward suspected scam messages immediately to firstname.lastname@example.org with "suspected phishing" in the subject line.
- If possible, include a copy of the suspicious message with headers (see links to guides below). Our support team will reply to your message as soon as possible.
Things to consider in reviewing email from ICANN:
- Legitimate email messages sent from ICANN will not come from another domain, such as "icann-monitor.org" or "icann-support.org".
- Be suspicious of any email that offers domain renewal services from ICANN. ICANN does not process domain registrations or collect fees from registrants directly. All fee collections are transactions between the registrar and the registrant.
- ICANN will not send domain registrants WHOIS Data Reminder Policy (WDRP) messages directly. If you receive an email about your domain that purports to come from ICANN, contact your sponsoring registrar directly for any concerns about the status of your account.
- Ask your email provider if they can use the ICANN SPF record to check which senders are authorized to use our domains and help filter out spoofed senders.
Ways to spot fake email:
- A false sense of urgency. Scams often tell you that your account will be in jeopardy if something critical is not updated right away.
- Fake links. These may look real, but they can lead you into trouble. Check where a link is going before you click by hovering over the URL. If it looks suspicious, don't click.
- Attachments. A real email from ICANN will never include an attachment or software. Attachments can contain malware, so you should never open one unless you are 100% sure it's legitimate.
To learn more about phishing:
Guides for viewing Email Headers: