Phishing scams seem to exist everywhere. As we become more involved and integrated online it becomes important to not unwittingly approve a phishing scam invoice or order. What might appear genuine is simply a scam.
Often it is not until you use a few forensic tools and data matching that you suddenly realise that you could be easily ripped off. Conversely are your genuine activities, brand etc viewed as genuine or mistaken as a scamming, or worst still, has someone adopted your brand, profile and passing off as you.
The ability to be able to verify potential orders and customers you receive as a supplier from online is a vital skill you all need to know.
Today I received a domain name registration order for a domain I own that I normally renew direct with the registrar for $US9.95. So when I saw this email asking me to renew for $US75 from an unfamiliar name I knew immediately this was a scam, so I thought I would dig deeper.
A point to note is that this url is due for renewal at the end of July so for the unsuspecting they could be easily caught out. The fact that they state 28 June as a non action deadline is a give away to the savvy online administrator.
The first detail I immediately noticed that it was an IN domain ..hmm first give away… an Indian domainl url. The second was the domain itself ORDERTRACKING76777 which gives me a hint of a automated set up design to cream those who thought they were registering with their original domain name registrar. So next up was to check who owned ORDERTRACKING76777.IN A quick check revealed Alan S in Arizona was the registrant who secured this domain a few days ago 10-Jun-2012 21:03:57 UTC. A check of the zip code is for the city of Glendale. However despite postal address and tel phone number provided I am going to guess this email did not originate out of Glendale, Arizona. So since I am writing this post as I research this scam give me a minute and I will check the email server route… my guess it did not originate out of the Arizona..so lets see. For clarity I placed the link that was hyperlinked on the “process secure payment” for your viewing. … back in a minute.
Well as suspected the email originates out of Union City, Tennessee. A further check identifies that the email may well have originated near this location … ,2114 E Old Troy Rd, Union City, TN 38261 Checking the actual address using forensics can vary to achieve 100% accuracy using public tools due to server locations, firewalls etc. However it does give an indicator.
Next up is to check the telephone number and to see where it is registered to. Now one could simply call the number and ask, however we will see what forensics will tell us. So after checking the Area tel code 602 is registered for Glendale, so that does match the postal address. Next if we check the owner of the email address .. now this can be telling by what it does not tell us and in this case the email address is a free yahoo address .. as email@example.com which means unless we are Yahoo we can not check who operates this, even-so a red alert comes on as the Registrant knows it can not be easily traced.
Next we check the persons name and the company name that is stated as owning this domain. So a good give away is that the Surname is “S.” Now after checking the company name on the State of Arizona;s company database there is no company registered as AS Marketing LLC, so in likelyhood that this person is passing off as a registered scammer front and is not a legal entity as such. A criminal case of breaking the law.
Now at this point I thought we would do the obvious and visit the url http://www.ORDERTRACKING76777.IN and see if my estimation todate matches what we find …so lets go have a look…..hmmm … The fact I can not find the company on the Arizona company database and it is a IN domain my alarm bells are ringing very loud. My first siren is ringing as there is no such web site as www.ORDERTRACKING76777.IN So since the url is (DO NOT CLICK ON IT) http://ordertracking76777.in/order/NrHxLewmne3UqNt5PlhG1A%3D%3D raises significant doubts as to what page it will land on. So whether the site is a scammers url order cart or simply drops a virus onto my computer we will never know. The question I ask myself why does a USA company not use .com when it is available … makes me smell a rat.
Now in reviewing IN …Wikipedia states ...Before the more liberal policies for the .in domain, only 7000 names had been registered between 1992 and 2004. As of March 2010, the number had increased to over 6.1 lakh, with 60% of registrations coming from India, rest from overseas. This domain is popular for domain hacks.
Now for the benefit of the Search Engines and any one else who received the email I have include the body text so they might come across this posting.
Registration includes SE submission for ULTIMATEINTERNETINTERVIEWS.COM for 12 months. There is no obligation to pay for this order unless you complete your payment by Jun 28, 2012. SE Services provides submission services and search engine ranking organization for domain owners. This offer for submission services is not required to renew your domain registration.
Failure to complete your search engine registration by Jun 28, 2012 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).
So overall this email when checked against my partial checklist fails on every account.
Now imagine this – If this company was actually genuine and simply over ambitious is getting you to renew with them they fail in every category. Even if they got 50% pass it raises serious doubts as to doing any business with them and would you actually get the SEO service. So the question every company should ask itself how do you know if that $5000 order is genuine of a scam, or that inquirer is very genuine but just not ready to reveal their full identity with their initial inquiry.
Almost as a joke they state the email compiles with the Anti spam laws…. providing a link to unsubscribe …which just so happens to be the same as the renew link.
If you need this type of forensic service for emails you receive I can offer the service. Rates according to work required.
Contact Kevin Andreassend on +64-9-4142348