This morning I ran into a scam that has been circulating the Web for a few years now. Or I should say it ran into me.
At 6:00 AM, my phone buzzed indicating that I received an email. The message was from Vincen Wei of PECnetwork, claiming to be “the department of Asian Domain Registration Service in China”. He sent me the message to inform me that a company of “questionable repute” was applying to register our domain name as their “Net Brand” and some similar domain names through their firm. Here is the email…
Vincen Wei email@example.com 6:39 AM (17 hours ago)
(Mail to the brand holder, thanks)
Dear Brand Holder,
We are the department of Asian Domain Registration Service in China. I have something to confirm with you. We formally received an application on January 24, 2013 that a company which self-styled “AsiaRoom International Co.,Ltd” were applying to register “[ourcompany.com]” as their Net Brand and some domain names through our firm.
Now we are handling this registration, and after our initial checking, we found the name were similar to your company’s, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we will finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we will handle this issue better. Out of the time limit we will unconditionally finish the registration for “AsiaRoom International Co.,Ltd”. Looking forward to your prompt reply.
I have to admit, when I first saw the message this morning, it looked legitimate, even “speaking with some authority”. But it got ripe under a little more scrutiny. By 10:00 AM it just plain stank of 7-day-old phish!
First, the message wasn’t addressed to me. They sent it to “inforequest”, an email group that we make available for our customers and clients for making sales inquiries, and they asked if someone could forward it to the right person.
Then there are the usual grammar errors and typos I’ve come to expect with spam, although this one was pretty clean.
Mostly, however, the process threw me. An independent company running checks on domain name requests and notifying members of the Internet community that someone may be trying to snarf their brand. And they are performing this service *without* being paid to do so.
I know, a cynical attitude, but I just couldn’t make sense of the business model. What’s in it for them?
That’s when I did a search on some of the terms in the email, in particular the “Asian Domain Registration Service in China”, and discovered that not only was it a scam, but it had been circulating for a couple of years. Here’s an example where these geniuses sent their scam email to ESET, an online security company. Their forensic team promptly analyzed it, put it online, and used it as an example of what to expect and how to defeat it.
We can take a few lessons out of this.
First, there are individuals out there who are using your online reputation to scare you into making a rash decision. If you get an email that doesn’t pass the sniff test, run a search on a few of the key terms and see what scam alarms shake out.
Second, if you plan to run a scam operation, check your targets and don’t send your scam email to a security forensic company.