Worst phishing ever


Okay, not the worst — there's plenty of room on the internet for any amount of incompetence you care to look for — but anyway: I just got this link in what looked like a rare well-crafted piece of spam. Now, for a while I've wanted to actually follow some of these spam links, see what the latest phishing tech looks like, and maybe if I'm feeling nice feed them some fake login information (like empty calories for websites, I suppose).

Turns out, when these particular spammers created their mockup of the Enom web page, they completely neglected to change the links! So anyone who clicks anything on the page — even the "forgot password" link — gets redirected to the legitimate site. Way to completely defeat the point...

Not to mention, the email they're sending talks about domain information in the WHOIS database, which is something that only a very small percentage of internet users would know/care about. Probably the same small percentage who know how to identify spam. And who know to actually look at the addresses of the websites they go to. All in all, I have to wonder whether this particular scheme is actually going to work on anyone.

But then again, as they say, people are stupid ;-)
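The tell described above, a mockup whose links all still point at the real site, can be turned into a triage check. This is an added example, not code from the original post; the `phish.example` host, the `collect.php` form action and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: phish.example is a placeholder host, the enom.com paths are made up.
PAGE_URL = "http://phish.example/enom/login.html"
SAMPLE = """
<a href="http://www.enom.com/">Home</a>
<a href="http://www.enom.com/domains/">Domains</a>
<a href="http://www.enom.com/help/">Help</a>
<a href="http://www.enom.com/forgot-password">Forgot password</a>
<form method="post" action="collect.php">
<input name="loginid"><input type="password" name="password">
</form>
"""

class _Collector(HTMLParser):
    """Collect link targets and form actions from one HTML document."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self.forms.append(a.get("action") or "")

def host_of(url, base):
    """Resolve url against base and return its lowercase hostname ('' if none)."""
    return (urlsplit(urljoin(base, url)).hostname or "").lower()

def clone_signals(page_url, html, threshold=0.8):
    """Flag a page whose links mostly leave its host while a form posts elsewhere."""
    c = _Collector()
    c.feed(html)
    page_host = host_of(page_url, page_url)
    link_hosts = [host_of(h, page_url) for h in c.links]
    off = [h for h in link_hosts if h and h != page_host]
    top = max(set(off), key=off.count) if off else None  # most-linked foreign host
    ratio = off.count(top) / len(link_hosts) if top else 0.0
    form_hosts = sorted({host_of(f, page_url) for f in c.forms})
    suspicious = (bool(form_hosts) and ratio >= threshold
                  and any(h != top for h in form_hosts))
    return {"page_host": page_host, "dominant_link_host": top,
            "ratio": round(ratio, 2), "form_hosts": form_hosts,
            "suspicious": suspicious}

if __name__ == "__main__":
    print(clone_signals(PAGE_URL, SAMPLE))
```

The same markup served from the brand's own host produces no off-host links and is not flagged, so the check keys on the mismatch between where the page lives and where its links go.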

The email:

Dear user,

On Wed, 29 Oct 2008 11:25:09 +0700 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Wed, 29 Oct 2008 11:25:09 +0700 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION - http://www.enom.com

Thank you,

Domain Services

[IncidentID:34399]