Spam Example: Spoof – Network Solutions

E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

I am always fascinated by how tricky spammers/hackers/phishers are. They are constantly working out new ways to get your login information. I thought it might be helpful to post these from time-to-time so we can see what to watch out for.

I got this example this a.m.:

Dear Network Solutions Customer,

 

On Fri, 31 Oct 2008 02:53:20 -0800 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

1. Log in to Account Manager at: http://www.networksolutions.com (this was a clickable link – but I disabled it) 
2. Click on the “Profile & Accounts” tab in the left navigation menu to be taken to a page listing your account details.
3. Click on “Accounts” and select the account you wish to edit.
4. Click “View/Edit WHOIS Contacts” to make your updates.

If you believe someone requested this change without your consent, please contact Customer Service.

If you would like to order additional services or to update your account, please visit us online.

Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.

Sincerely,
Network Solutions Customer Support

Definite spam. Here are ways to tell:

1. No Network Solutions logo (although, they will often insert one to make it look real)
2. They are asking you to click a link to login. Legitimate companies rarely ask you to click a link to go to a login area.
3. The link says “www.networksolutions.com” but the actual link is: http://www.networksolutions.com.sys58.biz – This is NOT a legitimate link.
4. Funny symbols in the email. In this case, there is a funny symbol after the word “Solutions”. Probably it was meant to be a copyright or trademark symbol, but it didn’t get displayed correctly.

If you accidentally gave them your information, immediately contact the company that’s being spoofed and find out about changing your login/password and protecting your account.

You can also try sending an email to the company getting spoofed using [email protected] (in this case, it would be [email protected]) with a copy of the offending email. Lots of big companies have this email in place.

UPDATE

I got a REAL message from Network Solutions. They responsibly sent out this email when they realized someone was trying to use them for a scam:

Dear Valued Network Solutions(R) Customer:

We’ve recently become aware of a phishing scam targeting
domain name customers of a small number of registrars
including Network Solutions(R). We wanted to alert you of
this situation. Phishing is the practice of luring
unsuspecting Internet users to a fake Web site by using an
authentic-looking e-mail in an attempt to steal passwords,
account information or other sensitive data.

At this time, we know that fraudulent e-mails are being
sent to some domain name customers, regardless who the
registrar of record is, which include links to sites that
look like networksolutions.com or other domain provider
sites; however they are fake Web sites. These e-mails are
attempting to capture login information. For more
information and tips on identifying phishing scams, please
visit our blog at www.blog.networksolutions.com/.

If you believe you have received an e-mail of this type,
have clicked on the link, and provided your login
information, we recommend the following for security
purposes:

1. Log in to your account from the Network Solutions Web site.
2. Review your account information for accuracy
3. Choose a new password security question and answer
4. Change your password

Thank you for your attention to this message.

Sincerely,
Network Solutions(R) Customer Support

You’ll note that they did not give me a link to log in. They only gave me a link to their blog. If you clicked on it, you’d see it goes where it says it will. No funny domain names. They are leaving it up to you to find their web site and login.