Phishing Alert: Please watch for emails like this

November 1, 2008 :: Shashi Bellamkonda

We have been receiving reports that some customers are receiving fraudulent spam/phishing emails. There are reports that customers of other registrars are also receiving similar spam/phishing emails. The email we have seen has the subject line “Attention: domain will be expired soon.” There is a link in the email that says “Renew your domain now”, and while it shows http://www.networksolutions.com, it actually goes to http://www.networksolutions.com.com42.asia. Look closer: the link actually goes to the domain “com42.asia”. Other domains and subject lines are also being used.

Please delete the email if it is suspicious. 

We want you to know that we are taking every possible measure to protect our Customers from this attack and mitigate its impact. We are working very closely with the Registries as well as ISPs to detect any new domains from which these attacks are coming and shut them down.

See image below as an example.

[Image: screenshot of the example phishing email]

Please take precautions when you click on any link in an email. Also, make sure you check the address bar at the top of your browser before entering any information. A genuine Network Solutions page should look like this in the browser: https://www.networksolutions.com/manage-it/index.jsp. The important part of this URL is that after https://www.networksolutions.com/ there should not be any additional .com in the URL. Note that the link in the screenshot above has two .coms in the URL. You can also hover over the link with your mouse and see where the link leads in the status bar at the bottom of your browser.
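
As an added example (not code from Network Solutions or the original post), the check described above can be automated: the sketch parses an HTML message body, compares each link's visible text with its real target, and accepts a host only if it ends in the trusted domain. `TRUSTED_DOMAIN`, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "networksolutions.com"  # assumption: the one domain we accept

# Constructed sample, modelled on the lure described in the post.
SAMPLE_HTML = """
<p>Attention: domain will be expired soon.</p>
<a href="http://www.networksolutions.com.com42.asia">http://www.networksolutions.com</a>
<a href="https://www.networksolutions.com/manage-it/index.jsp">Account Manager</a>
"""

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host, trusted=TRUSTED_DOMAIN):
    """True only if host is the trusted domain or a subdomain of it. The match is
    on the END of the name; a prefix test would accept ...com.com42.asia."""
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """One finding per link: real host, trust verdict, text/target mismatch."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        shown = host_of(text) if looks_like_url else ""
        findings.append({"text": text, "real_host": real,
                         "trusted": is_trusted(real),
                         "text_mismatch": bool(shown) and shown != real})
    return findings

if __name__ == "__main__":
    print(*audit_links(SAMPLE_HTML), sep="\n")
```

Because the comparison is a suffix match against one known domain, it needs no Public Suffix List; a filter that must work out the registrable domain of arbitrary hosts would.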

If you believe you have received an e-mail of this type and have clicked on the link, and provided your login information, we recommend the following for security purposes:

  • log in to your account
  • review your account information for accuracy
  • choose a new password security question and answer
  • change your password

If you believe any of your account information has been altered, please contact customer service immediately at: 1-800-333-7680

If you have questions, advice or ideas, please feel free to leave a comment here on this blog. Here are some other resources for learning more about phishing:

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

http://www.antiphishing.org/consumer_recs.html

http://www.businesswritinginfo.com/?p=302

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://www.commoncraft.com/phishing

Posts explaining and cautioning people:

http://www.sophos.com/security/blog/2008/10/1901.html?_log_from=rss

http://garwarner.blogspot.com/2008/10/first-enom-phish-now-network-solutions.html

http://www.domainnamenews.com/miscellaneous/network-solutions-proactive-in-fighting-recent-phishing-attack/3046

http://www.sophos.com/blogs/gc/g/2008/10/31/network-solutions-and-enom-targeted-by-phishing-attack/

http://www.circleid.com/posts/20081030_domain_slammers_go_phishing/

http://www.google.com/tools/firefox/safebrowsing/faq.html#q4

http://www.pcmech.com/article/fake-network-solutions-email-phishing-scam/


  • Juanse
    We have been receiving this mail:

    Dear Network Solutions® Customer,

    On Fri, 31 Oct 2008 00:18:43 +0100 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

    Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

    To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

    1. Log in to Account Manager at: http://www.networksolutions.com.
    2. Click on the "Profile & Accounts" tab in the left navigation menu to be taken to a page listing your account details.
    3. Click on "Accounts" and select the account you wish to edit.
    4. Click "View/Edit WHOIS Contacts" to make your updates.


    If you believe someone requested this change without your consent, please contact Customer Service.

    If you would like to order additional services or to update your account, please visit us online.

    Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.


    Sincerely,
    Network Solutions® Customer Support

    http://www.networksolutions.com----------> url: www.networksolutions.com.sys44.biz
  • TK
    We received the same Email as Juanse. Is that Email part of the Phishing scam?
  • I got a different one that said this:
    Dear Network Solutions® Customer,

    On Fri, 31 Oct 2008 08:35:18 +0100 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

    And went to sys55 dot biz in the url. I've forwarded it to spoof@networksolutions, in case it could help and can send it anywhere else :)

    Thanks again, and have retweeted this after mentioning it this morning to my twitterists.
  • Thanks Kaiberie,

    We are proactively working with the community and other organizations to help mitigate the issue.

    Shashi
  • Hi Shashi,
    Thanks for the heads up. I got one that says "Your whois information is innacurate". But I got your email first :)
    Thanks for being on top of things!
    Jeff
  • Thanks Jeff
  • Chris Craig
    Sorry for the long message that follows. Here is another variation with:
    http://www.network....com.sys33.biz as the website that one is really directed to. One must watch the phishing closely.

    -----
    Dear Network Solutions® Customer,

    On Thu, 30 Oct 2008 22:55:21 +0100 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

    Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

    To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

    1. Log in to Account Manager at: http://www.networksolutions.com (***** Note the following:) <http://www.networksolutions.com.sys33.biz> (********) .
    2. Click on the "Profile & Accounts" tab in the left navigation menu to be taken to a page listing your account details.
    3. Click on "Accounts" and select the account you wish to edit.
    4. Click "View/Edit WHOIS Contacts" to make your updates.


    If you believe someone requested this change without your consent, please contact Customer Service.

    If you would like to order additional services or to update your account, please visit us online.

    Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.


    Sincerely,
    Network Solutions® Customer Support
    -----
    If you look at the internet headers, the return paths and the IP addresses don't match. Further the mailbox it is going to is generic and not one I use.

    Return-Path: <umwpfivt@blueturtle.com.au>
    Received: from [41.251.61.144] ([41.251.61.144])
    by ****** (***.***.***/***.***.***/++++) with ESMTP id m9UMhgVU032654
    for <*****@wizards.net>; Thu, 30 Oct 2008 15:43:45 -0700
    Received: from [41.251.61.144] by mail.blueturtle.com.au; Thu, 30 Oct 2008 22:55:21 +0100
    Message-ID: <01c93ae2$95fa5280$903dfb29@umwpfivt>
    From: "NetworkSolutions Support" <customerservice@networksolutions.com>
    To: <*****@wizards.net>
    Subject: Your domain must be deleted today!
    ------

    Thanks for the notice though.

    CC
  • I received the same email. Coincidentally, I had updated my contact information yesterday, so I had to read through the email before dismissing it as junk.

    Curiously, the phishers know to email me at the email address associated with my domain, but that's not the email I have listed as my contact w/Network Solutions.
  • Hi Colleen,

    I would still change your password just to be safe. We are proactively taking steps to spread the word and help protect our customers.

    Shashi
  • doug
    I received several versions of the fake Network Solutions email - I clicked on the bogus link - it took me to a Google/Dell site - I gave no information - do I need to be concerned?
  • To be safe I would advise you to change your account password and security info.

    Thanks,

    Shashi
  • rw
    You are encouraging this Phishing scam by the email that you sent today to the domain admins:
    (1) your email has clickable links in it, which encourages such social engineering;
    (2) your email has a "From:" header indicating that it is from "NetworkSolutions@info1.networksolutions.com", but the sending MTA that sends the email out (IP 64.14.81.242, with reverse DNS and SMTP EHLO of "netsol.outbound.ed10.com") is not from that domain, and a "whois" of "ed10.com" shows that it is not registered to Network Solutions, but instead that the registrant is:
    E-DIALOG
    131 Hartwell Ave.
    LEXINGTON, MA 02421

    Shame. You don't care about protecting people from phishing scams; you just want to cover your ***.
  • OJ
    While I disagreed with Paul that coming to the blog was a waste of my time, it did, indeed prove so, since the example fraudulent email showed up as unreadably small on my monitor, compared to the rest of the blog entry. I wanted to see an example.

    In the event, I have not received any expiration notices, and routinely examine the actual address shown in my browser status line before clicking on any link, so would not have clicked on something like the example in this blog.
  • hellnuts
    Network Solutions is full of a bunch of idiotic monkeys. Get real, you dopes.

    RW is absolutely correct!

    You are encouraging this Phishing scam by the email that you sent today to the domain admins.

    Your emails look just like the formatting of the phishing emails. Don't send out an email in another format...that would make too much sense!!

    (1) your email has clickable links in it, which encourages such social engineering;
    (2) your email has a "From:" header indicating that it is from "NetworkSolutions@info1.networksolutions.com", but the sending MTA that sends the email out (IP 64.14.81.242, with reverse DNS and SMTP EHLO of "netsol.outbound.ed10.com") is not from that domain, and a "whois" of "ed10.com" shows that it is not registered to Network Solutions, but instead that the registrant is:
    E-DIALOG
    131 Hartwell Ave.
    LEXINGTON, MA 02421

    Shame. You don't care about protecting people from phishing scams; you just want to cover your ***.

    SHAME ON YOU IS RIGHT! I hope Godaddy continues to eat your lunch! We have moved hundreds of domains to them in the past few years due to your gross incompetence!
  • Kristine Kurey
    I've received an email from NetworkSolutions@info1.networksolutions.com with the Subject line: Action Required: Important Account Information. Wants me to review your WHOIS information. Is this another phishing message?
  • Michael
    Why don't you provide SPF records like the banks do?
    At least then we can filter out the phishing messages.
  • Darla
    @Juanse - I received that one too:

    from info@enom.com links go to: http://www.enom.com.sys43.ru/
    Dear user,

    On Sat, 1 Nov 2008 13:55:35 +0200 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

    The contact information for the domain which displayed in the Whois database was indeed invalid. On Sat, 1 Nov 2008 13:55:35 +0200 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

    PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

    If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

    Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260


    LINK TO CHANGE INFORMATION - http://www.enom.com


    Thank you,
    Domain Services

    [IncidentID:12397]
    http://www.enom.com.sys43.ru/
  • jane
    I also have received 2 emails like this below - is this another example? Also received the Network Solutions one as well.

    Dear user,

    On Sun, 2 Nov 2008 19:39:49 +0300 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

    The contact information for the domain which displayed in the Whois database was indeed invalid. On Sun, 2 Nov 2008 19:39:49 +0300 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

    PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

    If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

    Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260


    LINK TO CHANGE INFORMATION - http://www.enom.com


    Thank you,
    Domain Services
  • It's indeed another phishing email, Jane. Domain registrar eNom posted about it on their enom.com site.
  • R. Treasure
    Can anyone tell me what LDAP means? When I type in my website I get that information. What should I do?
  • How and where do I change the passwords and users for my domain?
  • I finally got an email from a credit card company warning about security breach that wasn't phishing. After calling the number on my statement, it turned out there had been an attempted security breach. I have always routinely discarded every email as phish thinking that they were all bogus, but something about this one seemed real. I'm glad I called and now I am going to check on the ones that come from companies that I actually do business with, just to be on the safe side.
  • emptydreamer
    I think that phishing is dumb.
    Go to my site if you have piczo!
    www.emptydreamer.piczo.com
    it has codes
  • Funky domain names always give fraudulent emails away. When you hover over a link you can usually see in the bottom left hand corner of your browser where it's going to take you. A good way to double check.