Security Alert: New registrar phishing schemes
By Ryan on Wednesday 5 November 2008, 10:04 - Gandi - Permalink
 |
Gandi has uncovered a new phishing scam that could lead to someone gaining control over your domain name without your knowledge.
you. To protect your domain name and online presence, please read this security alert carefully as it contains important information. |
What is phishing ?
As with any phishing scheme, the principle is to trick you into logging into a website that you think is secure. What really happens, however, is that the victim logs into a counterfeit website (a copy of the real one). When the victim enters his or her username and password into the login form on the counterfeit website, this information is sent to the thief. Depending on the sophistication of the phishing website, you may then be forwarded to the real website, and as such you may not even be made aware that your information was stolen.Many people tend to use the same password for various websites, and consequently when the thieves are sent your password, they can then try to log in as you on other websites. This is why Gandi encourages you to use different secure passwords for each website for which you need to log in.
Until now, phishing schemes have largely been limited to banks and social networking websites.
The new danger:
We are now seeing the introduction of registrar phishing schemes on the internet. What is now occurring is that thieves are trying to obtain your registrar login account information in order to steal your domain names from you.How to identify the scam:
We have identified a couple of registrar phishing scams. These scams appear to come from a registrar, and appear to be legitimate e-mails either requesting that you correct your whois information or log into your account for some reason.Some subject lines are:
- Inaccurate whois information. [IncidentID:79480]
- Maintenance at eNom.com
There may be others, however, as phishing scams evolve over time.
How to protect yourself:
- Be cautious. When in doubt, do not hesitate in contacting our customer support team.
- Mail from Gandi will include your handle, personal information
- If there is a link in the mail, be sure that it comes from the right source. You need to check that the domain name corresponds to your service provider.
For example: the following is a real login address for Gandi:
https://www.gandi.net/login
In this case, you can see that the domain is gandi.net (shown in bold), and therefore you are sure that it is our website. (Users of Firefox 3 will see this automatically in the URL bar, as the browser detects the real domain and shows it to you.)
A fake login address (for a registrar we'll call example.net) may therefore look like:
http//www.example.net.s3cure12afa.biz or http//www.example.net.token1232gh5.securelogin4.s3cure12afa.biz
In the case of the above, you see that the real domain name is s3cure12afa.biz (which I have put in bold to show you) and not example.net! Though the website may appear to be legitimate (remember, the thief made a copy of the real one to trick you), you would actually be providing your username and password to the owners of s3cure12afa.biz.
For more on how to identify domain names, and how they work, please refer to our wiki page here.
Conclusion:
Be suspicious of mails you get that ask you to log into your account.Your registrar is Gandi, and so you will only log into GANDI.NET's website. Be careful that the URL (the website's address) is on the domain name gandi.net and nothing else.
If you think that you may have already been a victim of this, or if you are unsure, please do not hesitate in contacting Gandi's customer care team.
Sincerely,
The Gandi Team