
Fake Domain Suspension Notice Emails Link to Malware

by Brett M. Christensen

Domain name holders are currently being targeted in an aggressive malware campaign that claims their domain name has been suspended for violation of the domain registrar’s abuse policy. The messages list your domain name, your registrar, and your registrant name. 

They claim that the registrar has tried repeatedly to contact you about abuse complaints but did not receive a reply. Thus, claim the emails, the registrar had ‘no choice but to suspend your domain name’.

The messages advise you to click a link to download a copy of the complaints received. They also advise you to ‘contact us’ for additional information and include an ‘Abuse Department Hotline’ phone number.

However, despite their legitimate appearance, the emails are not from any domain registrar. Instead, they are a criminal ruse designed to panic you into downloading and installing malware. If you click the link in the emails, a malicious executable file will be downloaded to your computer. If you then open this file in the hope of viewing the supposed complaints, the malware will be installed.

Once installed, the malware may download further malware that may steal personal information such as passwords and allow online criminals to access and control your computer.

This campaign is especially dangerous because it uses valid information about the domain registration and includes your full name. It also uses spoofed email addresses to make it appear that the message really did come from your domain registrar. Even experienced users might be caught out by this attack.

Melbourne IT, one of the targeted domain registrars, has published a warning about the attack on its website.

Calling the ‘Abuse Department Hotline’ gets a ‘number not connected’ error message.

If you receive one of these emails, do not click any links or open any attachments that it contains. Do not reply to the email and do not attempt to call any phone numbers listed. If you have any concerns, contact your domain registrar directly.
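For mail administrators, the traits described above (the fixed subject line, the registrar named in the body, a spoofed sender, and a download link) can be checked mechanically. The following is an added example, not code from Hoax-Slayer or from any registrar; the registrar-to-domain map, the function names, the reliance on an Authentication-Results header and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: registrar name as printed in the lure -> domains that registrar
# really uses for mail and links. Verify these and extend the map yourself.
REGISTRAR_DOMAINS = {"melbourne it ltd": {"melbourneit.com.au"},
                     "dynadot llc": {"dynadot.com"}}
SUBJECT_RE = re.compile(r"^Domain\s+\S+\s+Suspension Notice$", re.I)
REGISTRAR_RE = re.compile(r"^Registrar:\s*(.+?)\s*$", re.I | re.M)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the reasons a message looks like the fake suspension notice."""
    msg = message_from_string(raw)
    if not SUBJECT_RE.match(msg.get("Subject", "").strip()):
        return []  # not this lure's subject line
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    m = REGISTRAR_RE.search(body)
    allowed = REGISTRAR_DOMAINS.get(m.group(1).lower(), set()) if m else set()
    if not allowed:
        return ["lure subject, but the named registrar is not on the known list"]
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth = msg.get("Authentication-Results", "").lower()
    if not under(sender, allowed):
        reasons.append("From domain does not belong to the named registrar")
    elif "dmarc=pass" not in auth:
        # A spoofed From shows the registrar's domain but fails authentication.
        reasons.append("From claims the registrar but DMARC did not pass")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not under(host, allowed):
            reasons.append(f"link host {host} is outside the registrar's domains")
    return reasons

# Constructed sample message (not a captured email).
LURE = """From: Abuse Department <abuse@dynadot.com>
Authentication-Results: mx.example.org; spf=fail; dmarc=fail
Subject: Domain example.org Suspension Notice

Registrar: DYNADOT LLC
Click here http://complaints.example.net/report and download a copy
"""
```

An empty list means none of these checks fired; it does not mean the message is safe.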

Examples

Subject: Domain [domain name removed] Suspension Notice

Dear Sir/Madam,

The following domain names have been suspended for violation of the Melbourne IT Ltd Abuse Policy:
Domain Name: [Removed]
Registrar: Melbourne IT Ltd
Registrant Name: [removed]

Multiple warnings were sent by Melbourne IT Ltd Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
Melbourne IT Ltd
Spam and Abuse Department
Abuse Department Hotline: 480-195-3050

 

Subject: Domain [domain name removed] Suspension Notice

Dear Sir/Madam,

The following domain names have been suspended for violation of the DYNADOT LLC Abuse Policy:

Domain Name: [removed]
Registrar: DYNADOT LLC
Registrant Name: [removed]

Multiple warnings were sent by DYNADOT LLC Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here [LINK] and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
DYNADOT LLC
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101


