Warning: Phishing attempts via email claiming to be from Tucows/OpenSRS

GeorgeK · Jan 8, 2009

Just like phishers previously pretending to be Moniker:

http://www.dnforum.com/f26/warning-phishing-attempts-via-email-claiming-moniker-thread-247216.html

it looks like someone is trying to pretend to be Tucows/OpenSRS, to try to get you to click a link (and steal your Yahoo cookies, passwords, etc., thereby stealing your domains, etc.)

Here's some of the email:

----- start email snippet -----------------
From: "[email protected]" <[email protected]> Add to Address Book Add Mobile Alert
To: [email protected] [redacted]
Date: Thu, 08 Jan 2009 22:26:33 +0300
Subject: IMPORTANT: Transfer of domain registration confirmation

============================================================
CHANGE OF REGISTRANT PENDING
=============================================================

Dear Firstname, Lastname

The registrant of the following domain name(s):

http://example.com --- they use a different domain than example.com

has initiated a process by which you will become the registrant
of the domain name(s).

IMPORTANT: You must complete all of the steps below before the
domain can become active in your account.

-------------------------------------------------------------
You may be asked to log in to your account. To safely log in:

1. Go to the domainhelp.opensrs.net, Inc. home page and select "My Account."

2. Enter your account number 12065569 and password.
Then, click "Secure Login."
---- end email snippet --------------

The email is pretty authentic looking. Of course, I'm far too paranoid to click on links like that, but a lot of people would probably click on it, in order to try to figure out who is trying to transfer a domain name to them.

So, be careful out there! This is why I'm always hammering away on methods to try to improve registrar security, as the thieves continue to get away with this, due to reliance on email as proof of "ownership" or "control" of a domain.

Sincerely,

George