Domain Registration Scams (yawn…)

Dear China,

I’m not ESET’s CEO, and in any case it’s my job to be able to recognize domain registration scams. So three scam emails in one morning is a bit futile. I particularly like this one, though.

(Letter to the President or Brand Owner, thanks)

Dear Sir or Madam,

We are the department of Asian Domain Registration Service in China. Here I have something to confirm with you. We formally received an application on July 8, 2013 that a company claimed “BU&TN Global Investment Co.” were applying to register eset as their Brand Name and some domain names through our firm.

Now we are handling this registration and after our initial checking, we found the names are similar to your company’s, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we would finish the registration at once. But if you did not authorize, please let us know within 7 workdays, so that we could handle this issue better. After the deadline, we will unconditionally finish the registration for “BOL Investment  Co.”. I am looking forward to your prompt reply.

If the name of the company I’m supposed to be in competition with for the ESET brand changes in mid-scam, I guess there’s no point in my registering their brand name here, is there. 😉

If you’re unfamiliar with this scam – and some small companies without in-house legal expertise do seem to fall for it – the scam works like this. They tell you that a mythical company is trying to register your brand as a domain name in China, and that they’re checking to see that you authorized them to do so. If you tell them they’re not authorized, they’ll then tell you that the only way you can stop them registering is to register the domain yourself. For a fee, of course.

As Aryeh points out in his ESET article, I started seeing these around ten years ago, when I was working for the UK’s National Health Service. Small Trusts would report to me that they’d been contacted by domain registration companies claiming that some company had applied to register loamshire.nhs.trust (or whatever). An additional twist in those days was that the scammer would suggest that the new site would be used to push pornographic material. I haven’t seen that particular approach used in the current spate of scams: maybe they figured that the NHS would be particularly sensitive to that kind of threatened reputational damage. Which may have been quite astute. Fortunately, most of the recipients were savvy within the NHS seem to have been savvy enough to check before handing over any money.

David Harley
Small Blue-Green World
ESET Senior Research Fellow