Warning: eNom Spear Phishing Email | Domain Investing
Neustar Domain Names

Warning: eNom Spear Phishing Email


I want to share a warning with you regarding a spear phishing email I received that claimed to be from eNom and even used a “eNom” branded ccTLD domain name to carry out this scam. I consider it spearphishing rather than phishing because it contained information specific to the domain name that was mentioned, and these types of targeted phishing campaigns can be more confusing for recipients.

From what I know, phishing emails are the likely culprit for the majority of domain name thefts. Once a thief has access to a registrar account, he can change account details and begin the process of stealing domain names without the owner’s knowledge. It is important to remember that this type of email can target domain name owners at other registrars. Thieves can also use any domain name that looks official, so shutting this down is not as easy as turning off the domain name that is being used to carry out this campaign.

To best protect domain registrar accounts, it is important to turn on two factor authentication (2FA), which is offered by many domain registrars. eNom uses Google Authenticator as well as a two question account validation login for security. Other registrars use different methods of 2FA.

If you do find yourself a victim of domain theft, attorney Stevan Lieberman wrote a helpful article on how to recover a stolen domain name.

Here is the email I received with some details removed:

Subject: eNom – IMPORTANT! Verify your contact information for DOMAININVESTING.COM

Dear DOMAIN ADMINISTRATOR, 03/06/2016 09:15:32 pm

Your contact information [Redacted] & [Redacted] , has been set as the Registrant contact for a domain name registered through eNom.
Please click on the following link to verify your Contact Information


This notice is being sent due to the ICANN Validation to confirm the WHOIS information on your domain(s).
Please note that failure to verify the Registrant contact information will lead to deactivation of the respective domain name(s) if not completed within 3 days from the date of that action.
Once deactivated, the domain names will not function until the information is verified.


For any support with respect to your relationship with us you can always contact us directly using the following Information.

Sales Department sales@enomsupport.com
Support Fax 425.974.4791
eNom Headquarters 5808 Lake Washington Blvd. NE, Ste. 300, Kirkland, WA 98033, USA

About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.

Reach out to Elliot: Twitter | | Facebook | Email

Comments (4)


    I received the same email.

    I checked the enom.ws domain linked in the email. It was registered yesterday (2016-03-06)…

    March 7th, 2016 at 10:14 am

    Joseph Peterson

    That ICANN policy requiring registrars to validate contact information – since it was implemented 2 years ago, what has it accomplished other than bringing down active websites and opening the door to phishing attacks?

    March 9th, 2016 at 3:48 pm

    Joseph Slabaugh

    Admin Name: Saeed Kamel
    Admin Organization:
    Admin Street: 97 Ahmed Esmat st
    Admin City: Cairo
    Admin State/Province: Cairo
    Admin Postal Code: 11311
    Admin Country: EG
    Admin Phone: +20.1147051965
    Admin Phone Ext:
    Admin Fax:
    Admin Fax Ext:
    Admin Email: SaeedKamel2025@gmail.com

    You could forward it to abuse@godaddy.com

    March 10th, 2016 at 9:08 pm

Leave a Reply

Name *

Mail *