Domain name holders are currently being targeted in an aggressive malware campaign that claims their domain name has been suspended for violation of the domain registrar’s abuse policy. The messages list your domain name, your registrar, and your registrant name.
They claim that the registrar has tried repeatedly to contact you about abuse complaints but did not receive a reply. Thus, claim the emails, the registrar had ‘no choice but to suspend your domain name’.
The messages advise you to click a link to download a copy of complaints received. It also advises you to ‘contact us’ for additional information and includes an ‘Abuse Department Hotline’ phone number.
However, despite their legitimate appearance, the emails are not from any domain registrar. Instead, they are a criminal ruse designed to panic you into downloading and installing malware. If you click the link in the emails, a malicious executable file will be downloaded to your computer. If you then open this file in the hope of viewing the supposed complaints, the malware will be installed.
Once installed, the malware may download further malware that may steal personal information such as passwords and allow online criminals to access and control your computer.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
Melbourne IT, one of the targeted domain registrars, has published a warning about the attack on its website.
Calling the ‘Abuse Department Hotline’ gets a ‘number not connected’ error message.
If you receive one of these emails, do not click any links or open any attachments that it contains. Do not reply to the email and do not attempt to call any phone numbers listed. If you have any concerns, contact your domain registrar directly.
Examples
Subject: Domain [domain name removed] Suspension Notice
Dear Sir/Madam,
The following domain names have been suspended for violation of the Melbourne IT Ltd Abuse Policy:
Domain Name: [Removed]
Registrar: Melbourne IT Ltd
Registrant Name: [removed]
Multiple warnings were sent by Melbourne IT Ltd Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us for additional information regarding this notification.
Sincerely,
Melbourne IT Ltd
Spam and Abuse Department
Abuse Department Hotline: 480-195-3050
Subject: Domain [domain name removed] Suspension Notice
Dear Sir/Madam,
The following domain names have been suspended for violation of the DYNADOT LLC Abuse Policy:
Domain Name: [removed]
Registrar: DYNADOT LLC
Registrant Name: [removed]
Multiple warnings were sent by DYNADOT LLC Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here [LINK] and download a copy of complaints we have received.
Please contact us for additional information regarding this notification.
Sincerely,
DYNADOT LLC
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101
Since you’ve read this far…
…can I ask you for a big favour?To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.
Thank-you.
Brett Christensen