24/7 Support (425) 274-4500 | Submit a Ticket | Who is my Reseller?

Phishing Alert

Article Number: KB 2000

Product: Security Alert

Audience:eNom Reseller, eNom Central, Bulk Register

Problem

I have received an email from eNom's Abuse Department claiming that my domain will be suspended. What does this mean?

Cause

We are aware of a phishing campaign with emails purporting to represent our Abuse Department.

What are the Characteristics of this particular Phishing email?

Some characteristics of the series of emails we’ve been alerted are:

  • The email will claim to be from eNom’s Abuse Department, alerting you that your domain name will be suspended.
  • The URL link in the body of the email does not point to eNom. Instead the link in the email points to different URL, with no reference to eNom.
  • The phone number at the bottom of the email is not a Seattle Area phone number: 480-124-0101

Solution

The practice of "phishing" is an attempt to trick an email recipient into clicking on an email, that would for example purport to be from eNom and asking the user to log in to the site and verify their information. But the problem is that this email didn’t come from us.

Though eNom's abuse team will send out notices to Domains that violate policy, we are currently aware of reports of a series of phishing and malware emails that have been received by various domain owners.

If you received an email within the past few days claiming that your domain will be suspended, please examine it carefully.

First, do not click on any link in the email. If you have any questions or concerns regarding your domain status, please reach out to our support team by submitting a ticket from within your eNom account.

What can you do to ensure you're protected?

Recipients of phishing emails may notice that the links in the fraudulent email have URL that may be similar to eNom's actual URL, such as "enom-server.com" instead of eNom.com.

Additionally, even if it said eNom.com in the email, it is possible to have HTML (the language much of the internet is displayed with) show one thing (www.eNom.com) but have the link go somewhere else (enom-server.com).

So even if it looks perfectly legit, what should you do? Don't click. Simple as that. If we ever email you about an issue with your account, you will be encouraged to go to your browser and go to eNom.com to accomplish the task.

This is very similar to the rule of never giving private information to someone who calls you.

More Information

What has eNom done since finding out about these phishing emails?

Our team takes phishing very seriously. We have assemble a team of Compliance, Legal, Security and Marketing. We report this to the domain name registrar, the website hosting provider, and the web host's upstream provider. We also submit the offending URL, in this case enom-server.com, as a phisher to Google Safe Browsing and MS SmartScreen for IE.

Last Updated: October 28, 2015

 

Still looking for help? Call us at 1-425-274-4500 or click here to open a ticket online.