Category Archives: Computer Security

Computer Security related articles.

Domain Name Registration Spam – Scam

The Domain Name Scam

The Chinese Domain Name Scam is growing, and many of us have received scary emails starting with this paragraph:
We are a domain name registration and dispute organization in Asia, which mainly deal with the global companies' domain name registration and internet Intellectual property right protection in Asia. Currently, we have a pretty important issue needing to confirm with your company.
On Nov 26, 2010, we received an application formally, one company named “Fake Company Holdings Ltd.” wanted to applied for the Internet brand “yourCompanyName.com” and some domain names through our body.

Now at first sight this looks very scary and the first reaction is to reply. Don’t do that. Delete the email right away and don’t bother unless protecting the trademark is an issue for you. Read these two posts about how these scam messages can help you with that:
Domain Names Scam Explained
Trademark and Domain Names Protection

How does the Domain Name Scam work?

The spammer collects information from the domain name registration record, which is public in most cases. This information contains the owner name, the email address, and of course the domain name. It forms the basis of an email sent to the CEO. The email informs the owner that another company is trying to register the domain name in question, but under another TLD.
As the owner of the domain you “get the benefit of being announced of this purchase” and are offered the chance to buy it yourself. For instance, I own head-massage.net and someone is trying to register head-massage.tw, head-massage.cn, etc. Other country-specific flavors (.asia, .biz, .cc, .cn, .com.cn, .hk, etc.) can be mentioned. You are informed about this and offered to buy the domain or the domains. The email is devised in such a way that you buy the domains even if you don’t need them.


An example of a Domain Name Spam email

These emails are personalized to the owner/manager of a commercial Internet brand and insinuate that the brand is at risk because a third party has applied for the respective trademark name. Being the nice foreign domain registrar they are, they will ask you if you want to secure all of the variants of your domain name so that you can protect your Internet brand.

Most of these spam messages have Chinese senders. The email content keeps changing, becoming more and more persuasive and subtle.
If you received one of these spams, paste a copy of the email in the comments. I also work as a sysadmin for a company with an important domain name portfolio and we get quite a lot of these.
Here is a copy of one of these email messages:
Subject: URGENT---dispute of internet intellectual property safeguard
(If you are not the person who is in charge of this, please transfer to the right person/department. Thank you.)

Dear CEO,

We are the department of registration service in China.we have something need to confirm with you.We formally received an application on April 27, 2009,One Japan company which self-styled "Path soft investment corp" are applying to register (my-head-massage head-massage) as internet brand name and domain names as below (head-massage.cc head-massage.name head-massage.com.hk my-head-massage.name my-head-massage.cc my-head-massage.com.hk my-head-massage.ae my-head-massage.tel my-head-massage.my head-massage.ae head-massage.tel head-massage.my. .etc).

After our initial checking,we found the internet brand name and these domain names being applied are as same as your company’s, so we need to get the confirmation from your company.If the aforesaid company is your business partner or your subsidiary company, please DO NOT reply us,we will approve the application automatically.If you have no any relationship with this company,please contact us within 10 workdays. If out of the deadline,we will approve the application submitted by "Path soft investment corp" unconditionally.

Please forward the email to your decision maker,and let them contact me in time,so that we can handle this in reasonable,Look forwarding to hearing from you.

Best Regards,

Jake Shen
Senior Consultant

If you received a similar letter please drop it in the comments area so we would have more examples.
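The structure described above (other-TLD variants of a domain you already own, a claimed third-party application, and a reply deadline) can be checked mechanically on a mail gateway or in a triage script. The following is an added example, not code from the original post; the function name `assess`, the regular expressions and the threshold are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re

# Constructed sample modelled on the message quoted above (not a real capture).
SCAM = """Dear CEO, we are a domain registration service. We formally received
an application from a company applying to register head-massage as internet
brand name and domain names as below (head-massage.cc head-massage.com.hk
my-head-massage.name). If you have no relationship with this company, please
contact us within 10 workdays."""
BENIGN = "Your invoice for head-massage.net is attached, due within 30 days."

DOMAIN_RE = re.compile(r"\b([a-z0-9-]+)\.((?:[a-z]{2,}\.)*[a-z]{2,})\b")
APPLICATION_RE = re.compile(r"\bappl(?:y|ied|ying|ication)")
DEADLINE_RE = re.compile(r"within\s+\d+\s+(?:work|business\s+)?days|deadline")

def assess(body, owned_domains):
    """Flag mail that lists other-TLD variants of domains we own plus pressure cues."""
    text = body.lower()
    owned = {tuple(d.lower().split(".", 1)) for d in owned_domains}
    variants = set()
    for label, suffix in DOMAIN_RE.findall(text):
        for own_label, own_suffix in owned:
            # Same brand label (or a superset such as my-<label>) under another suffix.
            if own_label in label and (label, suffix) != (own_label, own_suffix):
                variants.add(f"{label}.{suffix}")
    signals = {
        "lookalike_variants": sorted(variants),
        "third_party_application": bool(APPLICATION_RE.search(text)),
        "deadline_pressure": bool(DEADLINE_RE.search(text)),
    }
    cues = signals["third_party_application"] + signals["deadline_pressure"]
    # Assumed threshold: two or more variants and at least one pressure cue.
    signals["likely_scam"] = len(variants) >= 2 and cues >= 1
    return signals

if __name__ == "__main__":
    for name, body in (("scam", SCAM), ("benign", BENIGN)):
        print(name, assess(body, ["head-massage.net"]))
```

Substring matching on the label is deliberately loose so that prefixed variants are caught; for very short brand labels it will need tightening.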

Chain Letters and Spam Email

Email chain letters are one of the sneakiest and most devious forms of spam. I consider them a particular case of social engineering.

Chain Letters Target Human Weakness and the Lack of Information.

Even though chain letters always come from your friends, and they look like their purpose is to spread “peace on Earth”, to give you an insightful perspective on life, or to ask you to help someone in need, their purpose is spamming.
You can recognize this by the encouragement to forward the message to your friends or to close the email circle or anything similar. Some of you came here as a result of my SPAM, (I apologize, I had to…).
Sometimes the spammer will go as far as threatening that you must send the message to your friends or else something bad will happen. All of these are various sorts of psychological exploitation. They target human weakness and lack of knowledge.
Most of the time chain letters contain false, misleading, frightening, or foolish messages, urban legends, or virus hoaxes. The chain letter has evolved and is now more subtle but nonetheless dangerous. It uses “good luck” promises, “missionary” messages, or even true philosophical dissertations.
No matter what the method of persuasion is, all chain letters try to convince you to send the letter to other people. They are very convincing and they target human flaws. I am not an easy to scare person but I can remember myself on at least one occasion getting chills up my spine while reading the blackmail at the end of the email. The human brain is easily influenced; once the message is read you will start, unconsciously, to act toward validating the prediction. It is a process similar to hypnosis.
The best way to avoid such events is to delete the message without reading it.
There is also the positive message: if you forward the message to 5 friends, something wonderful will happen in your life. Who can resist such a promise? Me.

Is It Wrong to Propagate Chain Letters?

Short answer – YES – it’s wrong to propagate chain letters. The previous section explains why.
Long answer:
Sometimes it is hard to ignore some of these messages and discard them. Their message is beautiful, and you would like to share it with your friends. There is nothing too wrong with doing that IF and ONLY IF you follow these simple rules.
Use the BCC (blind carbon copy) field when addressing your email. This will conceal the destination addresses.
When the chain letter arrives in your Inbox, there is a high chance that its body contains all the previous recipients. Remove all the email addresses in the body before forwarding the message. This is of no benefit to you, but it will benefit the community, and if many people do this, harvesting addresses will be very difficult. Who knows on how many chain letters my email address has circulated?
If you really need to send chain letters, consider using your secondary email address.
Doing all of these consistently will discourage the creators of such letters from writing them, as the benefit from sending them will be null.

The image below shows a portion of the email body of a message that contains all the previous recipients of a chain letter. Using an email harvesting utility I got 417 email addresses from this message alone.

[Image: Example of email chain letter]

What does the SPAMMER achieve by these kinds of emails?

They harvest email addresses. How do they do this? The principle is that the more an email circulates, the higher the chances that it comes back to the original sender. Even if it doesn’t come back, it will go to another spammer in the “Black Hat Web Marketing Community” and be made public within the community. Then all the harvested email addresses will be shared or sold.
Another reason for circulating chain letters is scamming people. There are numerous scamming schemes circulating through emails.
There are also the hoaxes. A lot of chain letters warn about an upcoming virus or a computer threat. Most of them are hoaxes. Some of them are just simple hoaxes, but others are cleverly crafted emails, so that when a recipient searches for some of the keywords in the respective email, the search engine directs them to targeted websites.

How can the Spammer harvest email addresses?

The main problem comes from the fact that most people never think of hiding email addresses when they forward messages. As a result, an email can sometimes contain hundreds or even thousands of addresses from all the people who forwarded it. The picture below depicts such a message.

What can you do to help?

First, whenever you send an email to a list of people, put the addresses in the BCC field rather than the CC or TO field. The BCC field will hide all the destination addresses.
If you forward a message, delete the transmission history in the message body. Check the article Prevent email SPAM for more information.
Break the chain! Delete the message and do not forward it. You now have the information. Stop for a few minutes before sending the email and think.
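The two rules given above and repeated in this list (address recipients through BCC, and delete the transmission history before forwarding) can be automated. This is an added example, not code from the original post; the function names, the header list and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Constructed sample of a forwarded chain letter (all addresses are made up).
SAMPLE = """Fwd: Send this to 5 friends!

-----Original Message-----
From: Alice <alice@example.org>
To: bob@example.com; carol@example.net;
    dave@example.org
Sent: Monday

> From: erin@example.com
> To: ALICE@example.org
Good luck comes to those who forward. Contact frank@example.net
"""

ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
HISTORY_RE = re.compile(r"^[>\s]*(?:From|To|Cc|Sent|Date):", re.IGNORECASE)

def scrub_forward(body):
    """Return (clean_body, exposed): history headers dropped, addresses redacted."""
    exposed = sorted({a.lower() for a in ADDRESS_RE.findall(body)})
    kept, in_header = [], False
    for line in body.splitlines():
        if HISTORY_RE.match(line):
            in_header = True              # From:/To:/Cc: line of an earlier hop
            continue
        if in_header and line[:1] in (" ", "\t"):
            continue                      # folded continuation of a recipient list
        in_header = False
        kept.append(ADDRESS_RE.sub("[address removed]", line))
    return "\n".join(kept), exposed

def build_forward(sender, recipients, subject, body):
    """Build the outgoing message with recipients in Bcc and a scrubbed body."""
    clean, _ = scrub_forward(body)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender                    # the only address recipients will see
    msg["Bcc"] = ", ".join(recipients)    # smtplib's send_message() omits Bcc headers
    msg["Subject"] = subject
    msg.set_content(clean)
    return msg

if __name__ == "__main__":
    clean, exposed = scrub_forward(SAMPLE)
    print(f"{len(exposed)} addresses were exposed in the original body\n{clean}")
```

The count returned in `exposed` shows how many addresses the unscrubbed body would have handed to every later recipient.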
Comment on this post with positive or negative feedback. I can take critique.

I dedicate this article to Bogdan M., who first talked to me about chain letters some 10 years ago.