This morning I ran into a scam that has been circulating the Web for a few years now. Or I should say it ran into me.
At 6:00 AM, my phone buzzed indicating that I received an email. The message was from Vincen Wei of PECnetwork, claiming to be “the department of Asian Domain Registration Service in China”. He sent me the message to inform me that a company of “questionable repute” was applying to register our domain name as their “Net Brand” and some similar domain names through their firm. Here is the email…
Vincen Wei firstname.lastname@example.org 6:39 AM (17 hours ago)
(Mail to the brand holder, thanks)
Dear Brand Holder,
We are the department of Asian Domain Registration Service in China. I have something to confirm with you. We formally received an application on January 24, 2013 that a company which self-styled “AsiaRoom International Co.,Ltd” were applying to register “[ourcompany.com]” as their Net Brand and some domain names through our firm.
Now we are handling this registration, and after our initial checking, we found the name were similar to your company’s, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we will finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we will handle this issue better. Out of the time limit we will unconditionally finish the registration for “AsiaRoom International Co.,Ltd”. Looking forward to your prompt reply.
I have to admit, when I first saw the message, it looked legitimate. It even “spoke with some authority”. But it got ripe when I scrutinized it a little more. By 10:00 AM, it just stank of 7-day-old phish!
First, they didn’t send the message to me, or anyone for that matter. They sent it to “inforequest”, an email group that we make available to our customers and clients so they can make sales inquiries. These mooks asked if “someone” could forward it to the right person.
Then it has the usual grammar errors and typos we’ve come to expect from spam.
However, I found the process baffling. An independent company running checks on domain name requests and notifying members of the Internet community that someone may be trying to snarf their brand. And they are performing this service *without* being paid to do so.
I know, a cynical attitude, but I just couldn’t make sense of the business model. What’s in it for them?
That’s when I did a search on some of the terms in the email, in particular the “Asian Domain Registration Service in China” and discovered that not only was it a scam, but it had been circulating for a couple of years. Here’s an example where these geniuses sent their scam email to ESET, an online security company. Their forensic team promptly analyzed it, put it online, and used it as an example of what to expect and how to defeat it.
What can sales people and small business owners take away from this event?
Well, recognize that there are individuals out there who are ready and willing to use your online reputation to scare you into making a rash decision. If you get an email that doesn’t pass the sniff test, run a search on a few of the key terms and see what scam alarms shake out.