Beware of domain verification phishing attacks


We recently received an email from a company purporting to be eNom (eNom is used by many companies, including Namecheap, to resell domain names) asking us to verify our domain, otherwise it would become inaccessible in three days. We wanted to warn you of the dangers of these phishing attempts.

At the end of the article we have highlighted some tips to avoid falling for a phishing scam, but first we will show you a copy of the email we received, what a legitimate email looks like, and finally a copy of the response from Namecheap when we brought it to their attention.

You can see a copy of the email we received below:

From: eNom <[email protected]>

Subject: eNom – IMPORTANT! Verify your contact information for xxxxxxxxxxx.COM

Dear JONATHAN GRIFFIN, 03/07/2016 12:20:11 am

Your contact information [email protected] & +44.7901xxxxxx , has been set as the Registrant contact for a domain name registered through eNom.

Please click on the following link to verify your Contact Information

This notice is being sent due to the ICANN Validation to confirm the WHOIS information on your domain(s).

Please note that failure to verify the Registrant contact information will lead to deactivation of the respective domain name(s) if not completed within 3 days from the date of that action.

Once deactivated, the domain names will not function until the information is verified.



For any support with respect to your relationship with us you can always contact us directly using the following Information.

Sales Department            [email protected]

Support Fax                        425.974.4791

eNom Headquarters       5808 Lake Washington Blvd. NE, Ste. 300, Kirkland, WA 98033, USA

As you can see, the email looks genuine at a quick glance, but a couple of things immediately didn’t look right. Firstly, the email was from a “tursagroup”, and the eNom domain had a suffix of “.ws”. Furthermore, whenever we have been asked to review our domain contact details, we have never been asked to log into our account directly.

An example of a legitimate email is below:

Dear xxxxxxxx,

This is your annual notice that all registered domain names must have accurate and updated contact information.

Please review the domain information below and verify its accuracy. If all information is up-to-date then no changes are necessary. Inaccurate or outdated information must be corrected by logging into your account.

While we do respect your privacy, we are required by ICANN, our regulating authority, to send these notices annually to all domain contacts. To learn more about this process and why it is required, please visit ICANN’s website: wdrp-registrant-faq.htm

Please remember that under the terms of your registration agreement, providing false or inaccurate Whois (contact) information can be grounds for the cancellation of your domain name registration.

Domain Name Link

Created: Apr 09, 2014; Type: Registrant

View Contact Data

Internet Corporation for Assigned Names and Numbers (ICANN) 12025 Waterfront Drive, Suite 300 Los Angeles, CA 90094-2536 USA Email: [email protected]

Sincerely, Your domain registration provider

We decided to reach out to Namecheap (our registrar of choice), who provided the following response on seeing the email:

Hello Jonathan,

Thank you for contacting Namecheap Support Team!

We would like to let you know that this email does not originate from eNom. We highly recommend that you *not* open the file and that you delete the phishing email.

Please accept our apologies for the inconveniences this email might have caused to you.

Should you have any questions, feel free to contact us again.

—————— Regards, Marina Zh. Customer Support

How to Avoid Domain Phishing Scams

There are some things we recommend:

  1. Be wary of emails that:
    1. Come from unrecognized senders.
    2. Ask you to confirm personal information, especially if the request is urgent.
    3. Are not personalized.
    4. Try to intimidate or upset you by threatening you if you do not respond (e.g. your domain will go offline).
  2. Communicate personal information via secure websites:
    1. Look for the green bar when logging into a website. In particular, look for websites which have verified their company information (EV SSL). eNom, for example, is owned by Rightside Group Ltd, and this clearly shows on their secure pages.
    2. Do not communicate confidential information, or log into websites, via email or email links. These could direct you to a malicious website that is built to look like a legitimate one.
    3. Do not communicate via telephone, unless you are the one who telephoned them.
  3. Do not click links in emails from unknown senders.
  4. Beware of links in emails that ask for personal information or ask you to log into a website.
  5. If in doubt (like we were), forward the email to the company it is purporting to be from and ask them to verify it is legitimate before actioning it.
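
The checks that gave this email away (a sender and link domain that do not belong to the brand named in the message) and the urgency warning sign from the tips above can be automated as a first-pass triage. The script below is an added example, not code from eNom or Namecheap; the `KNOWN_BRANDS` allow-list, the function names, and every address and host in the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Assumption: brands we deal with, mapped to domains we trust for them.
KNOWN_BRANDS = {"enom": {"enom.com"}, "namecheap": {"namecheap.com"}}
URGENCY = re.compile(r"within \d+ days?|deactivat|suspend|IMPORTANT!", re.I)
LINK = re.compile(r"https?://([^/\s\"'>:]+)", re.I)

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """List the reasons a plain-text, single-part message looks spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    subject, body = msg.get("Subject", ""), msg.get_payload()
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if brand not in f"{display} {subject}".lower():
            continue  # message does not claim to be this brand
        if not under(sender_host, domains):
            findings.append(f"claims {brand} but sent from {sender_host}")
        for host in sorted(set(LINK.findall(body))):
            if not under(host, domains):
                findings.append(f"claims {brand} but links to {host}")
    if URGENCY.search(f"{subject} {body}"):
        findings.append("urgent deadline or threat wording")
    return findings

# Constructed samples: addresses and hosts are placeholders, not from the page.
PHISH = """From: eNom <notice@mailer.example>
Subject: eNom - IMPORTANT! Verify your contact information for EXAMPLE.COM

Please click on the following link to verify your Contact Information:
http://enom.com.verify.example/confirm
Failure to verify will lead to deactivation within 3 days.
"""
LEGIT = """From: eNom <support@enom.com>
Subject: Annual Whois data reminder

Please review your domain information. If it is up to date, no changes are needed.
https://www.enom.com/
"""
if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

The suffix match in `under()` is what catches a host that merely starts with the brand's domain; a substring test would wrongly accept it.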
