14 DAY TRIAL // Security researchers from Sophos warn of scam emails posing as alerts from a domain registrar, which claim that another party is trying to register domains similar to the company's name.
It is common practice for companies to register domain name variations that could be interpreted as belonging to them, in order to prevent abuse.
This precaution is not only limited to traditional .com, .org, .net TLDs, but also country-specific extensions, especially if company plans to do business in a certain area.
These days, a lot of companies have a local presence in China, so these scammers try to exploit their possible interest in .cn (China) or .hk (Hong Kong) domain names.
The rogue emails detected by Sophos come with a subject of "URGENT Registration Notice For [company_name]" and purport to originate from the employee of a domain registrar.
The message instructs recipients to forward the emails to their organization's CEO or to persons authorized to deal with the situation.
"This is [registrar employee name] ---Senior Consultant of domain name registration and solution center in china. have something to confirm with you.
We formally received an application on [date], one company which self-styled [rogue company name] were applying to register [your company name] as Network Brand and following domain names: [name].com.hk and [name].org.cn. After our initial checking, we found the name were similar top your company's, so we need to check with you whether your company has authorized that company to register these names. […]"
The email goes on to claim that the time available to object is limited, with the registration being automatically allowed to proceed after a certain date.
Scammers are hoping that companies will not allow those domains to be registered by a third party and will instead try to grab them for themselves, using the services they allegedly provide.
"Personally, I wouldn't give the firm that has just spammed me any money. If I really wanted the domain name, and believed it was important to me, then I would purchase it through another online broker," said Graham Cluley, senior technology consultant at Sophos.