By Jan Carroza and Sharon Hill
A small business we consult with from time to time forwarded these emails somewhat in a panic. This business did not authorize any such transfer and the domain was not up for renewal for several months. Here is the text of the email:
Thank you for registering/renewing the following domains with the NAME OF COMPANY.
We take pride in offering you superior customer service and competitive pricing.
*******************************************************
Order Information
*******************************************************
anydomain.com renewal/transfering
The order number for anydomain.com is 123456.
*******************************************************
Payment Information
*******************************************************
Your credit card has been billed for $30.00
NAME OF COMPANY
support@NOC.com
Several days later, they received a second email which stated:
The transfer and renewal of your domain name, anydomain.com is not yet complete at this time.
Reason:
——-
1) The Domain name is currently in a “REGISTRAR-LOCK” status with your current registrar.
2) We require that you provide us with an EPP Key/Authorization Code from your current registrar
In order to complete the transfer and renewal, the “REGISTRAR-LOCK” status needs to be removed and an EPP Key/Authorization code needs to be obtained. Please see below for instructions on achieving this.
This email goes to explain, in detail, the steps to unlock their domain and then transfer their domain to this company.
After several hours of running this down, this company had been reported before and the Federal Trade Commission filed a complaint and a federal district court which resulted in a Stipulated Final Judgment and Order for Permanent Injunction and Consumer Redress at the end of 2003. The script may have changed somewhat and therefore need to be re-addressed.
What should you do if you receive an email from a company that is not your domain registrar or web hosting company regarding your domain? Do not act upon it blindly. Just as with any online transaction, you should initiate the process. In other words, do not click on a link provided in the email. Go to the site directly through the address bar and make sure all is well. Call or email your registrar and/or web hosting company and check your credit card for any unauthorized charges.
To report spam and phishing to the Federal Trade Commission go to: http://www.ftc.gov/ftc/contact.shtm and scroll down to:
About Spam & Phishing Email: spam@uce.gov
- Forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at spam@uce.gov. These messages will be stored in a database law enforcement agencies use in their investigations.
If you have any questions, contact us. We will be glad to help.
@social_dynamics
