After Shashi’s excellent article on the recent phishing attacks that occurred here at Network Solutions, we thought it a good idea to keep our readers aware of other relevant attacks that might come across their inboxes. I recently came across this article on Digital Inspiration about some of Google’s recent phishing incidents were customers had their gmail accounts hijacked.

Google engineers have posted a detailed explanation saying that the recent domain hijacking related incidents were due to phishing and not because of any security flaws in the Gmail software.

According to Google, attackers had sent e-mail messages to web domain owners asking them to visit fraudulent websites, such as “google-hosts.com”, with the purpose of collection their Google login credentials. Once they had access to the Google mail accounts, they would set up filters designed to forward email conversations with web domain providers.

They have some great advice on preventing such a thing from happening to your own Gmail/Google account. Since many people have moved to using web mail instead of mail clients like Outlook, this has become the latest target to make you an unwilling participant in spam spiders and other sorts of scams.

Things like email and web domains are core to us doing business on the Internet and are the most damaging when hijacked. We will continue to bring you relevant stories and advice to help you keep these scams from doing damage to your business.

We have been receiving reports that some customers are receiving spam/phishing emails that are fraudulent. There are reports that customers of other registrars are also receiving similar spam/phishing emails. The email we have seen has the subject line “Attention: domain will be expired soon.” There is a link the email that says “‘Renew your domain now and while it shows  http://www.networksolutions.com it actually goes to http://www.networksolutions.com.com42.asia>  now look closer , the link actually goes to the domain “com42.asia “. There are other domains and subject lines that are being used.

Please delete the email if it is suspicious. 

We want you to know that we are taking every possible measure to protect our Customers from this attack and mitigate its impact. We are working very closely with the Registries as well as ISPs to detect any new domains from which these attacks are coming and shut them down.

See image below as an example.

( You can click on the image to make it larger)

Please take precautions, when you click on any link in an email.  Also please make sure you check the top address bar of your browser before entering any information. A genuine network solutions page should look like this in the browser https://www.networksolutions.com/manage-it/index.jsp, the important part of this URL is that after the https://www.networksolutions.com/ there should not be any additional .com in the URL. Note that the link in the screenshot above has two .coms in the URL. You can also scroll over the link with your mouse and see where the link leads to in the status bar at the bottom of your browser.

If you believe you have received an e-mail of this type and have clicked on the link, and provided your login information, we recommend the following for security purposes:

• login to your account
• review your account information for accuracy
• choose a new password security question and answer
• change your password

If you believe any of your account information has been altered, please contact customer service immediately at: 1-800-333-7680

If you have questions, advice or ideas please feel free to leave a comment here on this blog. Here are some other  resources for learning more about Phishing :

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

http://www.antiphishing.org/consumer_recs.html

http://www.businesswritinginfo.com/?p=302

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://www.commoncraft.com/phishing

Posts explaining and cautioning people:

http://www.sophos.com/security/blog/2008/10/1901.html?_log_from=rss

http://garwarner.blogspot.com/2008/10/first-enom-phish-now- network-solutions.html

http://www.domainnamenews.com/miscellaneous/network-solutions-proactive-in-fighting-recent-phishing-attack/3046

http://www.sophos.com/blogs/gc/g/2008/10/31/network-solutions-and-enom-targeted-by-phishing-attack/

http://www.circleid.com/posts/20081030_domain_slammers_go_phishing/

http://www.google.com/tools/firefox/safebrowsing/faq.html#q4

http://www.pcmech.com/article/fake-network-solutions-email-phishing-scam/