This morning I received an email that appears to be a Namepros domain forum phishing attempt, which I posted below. There are a couple of things domain investors and developers can learn from this:
1) Have different user names and passwords for forums, blogs, registrar logins…etc.
2) Don’t click links in an email as they can be cloaked.
3) If you suspect that you have clicked to a phishing website, tell the webmaster and change your password on the real site
4) Protectively register similar domain names to prevent confusion – especially if your website allows people to sign up.
It appears this email refers to a site at wwwnamepros.com rather than www.namepros.com, and the phishing domain name is registered at Godaddy. The spoofed website has already been taken down. However, you should be aware of this now and for the future. It should also be noted that the Whois information on the domain name is not private.
Here’s the email:
DO NOT REPLY TO THIS EMAIL!
You have received a new private message at NamePros.com from steelejones, entitled “Trader Rating Notification”.
To read the original version, respond to, or delete this message, you must log in here:
This is the message that was sent:
You have received a new Positive rating or comment from steelejones.
Details about this transaction can be found *on your iTrader page* (http://wwwnamepros.com/itrader.php?u=88275).
Note: This is an automated message.
Again, please do not reply to this email. You must go to the following page to reply to this private message:
All the best,
You’re right — there is a phishing attempt going on. I’m not sure how many people have been affected, however it is severe enough that all Namepros accounts now have a warning about it when they go to their private message page. If everyone followed the advice you gave above, there would probably be a whole lot less phishing attempts because nobody would become a victim of them.
I have seen this many times with various forums, but never before with NamePros..
I have learned to never click the links in the email, and instead go to the website and respond to the PM (if there is one) from my UserCP.
It has become my habit to do this, and should become yours as well.
I got f’d.
Usually, I’m 200% careful, but this time – I logged in. Briskly changed my password when I realized what had happened. Contacted support so I can forward the email if need be.
The email looks official; but the landing page the link takes you to (not to mention the url now that I glance at it again) looks fake as all-hell…