Saturday, 18 January 2014

Emails from "ICANN" asking to verify the WHOIS contact information

The organisation responsible for domain names across the internet is called ICANN (Internet Corporation for Assigned Names and Numbers).

They have determined that many people who have registered domain names have used false email addresses to do so. The reasoning behind people wishing to do this is likely to be in order to reduce spam, as ICANN happily publish those email addresses to all and sundry.

For reasons which remain unclear, and without any publicity that we are aware of,  ICANN now wish any Registrant of a domain name with suffixes such as ".com", ".org" and ".net" to verify that they actually have access to the email address held on the ICANN database. I couldn't find any definitive information on this unexpected move on ICANN's own website at http://www.icann.org/ 

However, we have clients who have reported to us that their domain has been suspended, following receipt of an email from ICANN asking them to click a link to verify their email address. That this email has every appearance of a phishing scam seems to have passed ICANN by in their rush to enforce the rule that domain names must be registered to people with legitimate email addresses.

Had I received this email I would have deleted it without a second thought as it screams "SCAM!"

The body of the email being sent out reads:

Please be advised that as of the 1st January 2014 it has now become a mandatory requirement from the Internet Corporation for Assigned Name and Numbers (ICANN) that all ICANN accredited registrars verify the WHOIS contact information for all new domain registrations, domain transfers and registrant contact modifications.

You have received this email as you have recently transferred one or more domains to Your domain services provider with the following registrant details:

Name: Xxxxx Xxxxxxx
Email Address: xxxx@xxxxxxx.com

Under the changes requested by ICANN you need to verify your registrant email address. Please click on the link below to verify this email address.

https://www.verify-whois.com/?DW%2bXxjsfv7sldjfvsdnfv;kjsd6bsadcflkj7slkdjfcv

You have 15 days from the time the transfer completed to verify your email address.  If your email address is not verified within these 15 days the domain name(s) will be suspended until the email address is verified.

Once the link above is clicked this email address and the domains listed below will be instantly verified.

Please note this email is not a phishing email and is being sent to you following the change outlined above from the 1st January 2014 by ICANN.

Whilst this email is genuine, and clicking on the link did indeed verify the email address with ICANN, you can expect to see similarly worded emails being sent out by malicious scammers.

How do you tell the difference between the real email and a scam?

If your domain is registered through us then you will be the "Registrant", or legal holder, of the domain name and so you will receive the email from ICANN. We won't be aware of this as, unlike many domain registration companies, we do not register the domain name in our own name, as it is your domain and not ours.


You can forward any such emails to us for checking if you wish. This service is free of charge if the domain name has been registered through ourselves, of course.

UPDATED: 05 March 2014

As we said above, "you can expect to see similarly worded emails being sent out by malicious scammers". Today we saw the first such email, which was pretending to be from Microsoft, starting with the line, "New Regulations from Microsoft Corporation and your email host, now require that email account holders must verify their email account information."

As suspected that email isn't genuine and clicking the "Verification Link" would take you to a malicious website which would install viruses on to your computer.

____________________________________________________
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2014