Andrew Allemann wrote about a phishing email he received purporting to be from Dynadot, and I received a very similar email purporting to be from Enom. The email was caught by Gmail in the spam/junk filter, so it looks like some mail providers have been catching on to these phishing attempts.
By my own observations, it seems that domain registrar phishing attempts are on the rise. This particular attack looks like it is more along the lines of a spear phishing attempt since it mentioned a specific domain name that is owned by my company rather than being randomly sent.
When a hacker is able to obtain account login information due to a successful phishing attempt, they can easily steal domain names from the account. While most seasoned domain investors would not fall prey to this, I would imagine there are people who own just a few domain names that might.
The best thing to do to secure domain registrar accounts, in my opinion, is to have two-factor authentication enabled. Many registrars offer it, and it’s very important to set up.
I have published the email below so you can see what it looks like:
Subject: Domain [redacted.COM] Suspension Notice
The following domain names have been suspended for violation of the ENOM, INC. Abuse Policy:
Domain Name: [redacted.COM]
Registrar: ENOM, INC.
Registrant Name: DOMAIN ADMINISTRATOR
Multiple warnings were sent by ENOM, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us by email at firstname.lastname@example.org for additional information regarding this notification.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101