McAfee Labs

Persistent Domain-Renewal Scam Alive and Kicking

By on Mar 30, 2010

A friend of mine forwarded a suspicious email message recently. I’ve replaced the domain, order number, etc. below:

—————————-

From: Customer Support <support@droa.com>
Subject: Order Confirmation for <domain>, Order ######

To <registered domain holder>,

Thank you for registering/renewing the following domains with the Domain Registry of America, America’s fastest growing Domain Registrar.
We take pride in offering you superior customer service and competitive pricing.

*******************************************************
Order Information
*******************************************************
<domain> renewal/transfering
The order number for <domain> is #####.

*******************************************************
Payment Information
*******************************************************
Your check ##### for $30.00 has been received.

Domain Registry of America
support@droa.com

—————————-

I validated for my friend that the email was bogus. The domain was not held by Domain Registry of America (DROA), and never had been. The domain was not expiring in the next 90 days.

Later he received a follow-up email:

—————————-

From: “Transfer Department” <transfers@namejuice.com>
Subject: RE: <domain>; Order #####
Reply-To: <support@namejuice.com>

To <domain holder>,

Thank you for choosing to transfer and renew <domain> with the Domain Registry of America.

Your transfer and renewal of <domain> is not yet complete.

Due to the changes in the .org renewal process, you will need to obtain an EPP key code from your current registrar.

This authorization key removes the need for the user to send in a fax or reply to an email to verify their transfer request. This is because these names are assigned a unique authorization key at the time of their registration. The key is created and held with your current registrar. You should be able to obtain your authorization key by contacting your current registrar.

Please contact your current registrar using the information below and request your EPP Key code.

Domain: <domain>
Current Registrar: <registrar>
Registrar Phone Number: Please visit their site to contact them

When you call provide them with your domain name (<domain>), and ask for your EPP key.

Once obtained, please click the link below to input your EPP key code and confirm your email address.

http://confirm.droa.com/getepp.asp?e=1&o=####&p=####

You must click on the link above in order to continue the transfer and renewal process.

Yours truly
Domain Registry of America
Toll free 1-866-434-0212 or for International Callers, dial +1(905)479-2533

—————————-

The scam attempts to get domain holders to transfer service and pay accordingly. It seems this scam has been around for at least eight years, though it has morphed over time. Apparently the DROA has chosen to test the 2003 judgment by the Federal Trade Commission (http://www.ftc.gov/opa/2003/12/domainreg.shtm).

One thing of interest here is the two-staged approach: The first message requires no action by the recipient, but the second message tells the user to obtain and hand over the keys to the castle.
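The validation described above (who the registrar of record is, and whether the domain expires within 90 days), as an added example that is not part of the original post: it reads a registration record in RDAP JSON form (RFC 9083) and flags a renewal notice whose claims do not match. The sample record, the dates and all function names are constructed for illustration, and the registrar comparison is a simple substring match.

```python
from datetime import datetime, timedelta, timezone

# Constructed domain record in RDAP JSON shape (RFC 9083); all values are placeholders.
SAMPLE_RDAP = {
    "ldhName": "example.org",
    "events": [{"eventAction": "expiration", "eventDate": "2011-05-01T00:00:00Z"}],
    "entities": [{
        "roles": ["registrar"],
        "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                 ["fn", {}, "text", "Example Registrar, Inc."]]],
    }],
}

def registrar_of_record(rdap):
    """Return the vCard 'fn' of the entity with the registrar role, or None."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def expiration(rdap):
    """Return the expiration event as a timezone-aware datetime, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "expiration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def triage_notice(rdap, claimed_registrar, received, asks_for_epp=False, window_days=90):
    """Compare what a renewal notice claims with the registration record."""
    findings = []
    actual = registrar_of_record(rdap)
    if actual is None:
        findings.append("registrar-unknown")
    elif claimed_registrar.lower() not in actual.lower():
        findings.append("registrar-mismatch")
    expires = expiration(rdap)
    if expires is None:
        findings.append("expiry-unknown")
    elif expires - received > timedelta(days=window_days):
        findings.append("not-expiring-soon")
    # Giving the EPP code to a party other than the registrar of record
    # authorizes a transfer of the domain to that party.
    if asks_for_epp and "registrar-mismatch" in findings:
        findings.append("auth-code-to-non-registrar")
    return findings
```

In practice the record would come from the registry's RDAP or WHOIS service rather than from an inline sample.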


One Comment on “Persistent Domain-Renewal Scam Alive and Kicking”

  • name

    Huh, I have actually received this as snail mail from the same company. Sure it’s a scam, but it feels like 50% of everything is. I even get mail from a very well known auto insurance company, with PAYMENT NOTICE ENCLOSED printed on the envelope, even though I’m not insured by them. It’s the company with the gecko mascot.
