If you’re getting a lot of email spam from “final notice” scammers, you’re not alone.
Those cybercriminals often hide in Asia or Europe, blasting emails to domain owners using WHOIS databases.
Their emails serve a dual purpose: to ping the recipient’s email validity, and to attempt further scamming for unnecessary services, such as this:
This important expiration notification notifies you about the expiration notice of your domain registration for [domain] search engine optimization submission. The information in this expiration notification may contain confidential and/or legally privileged information from the notification processing department of the Domain Seo Service Registration to purchase our search engine traffic generator. We do not register or renew domain names. We are selling traffic generator software tools. This information is intended for the use of the individual(s) named above. If you fail to complete your domain name registration [domain] search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification notice.
The upcoming implementation of the GDPR will affect how WHOIS information is shared by Registrars, and third party tools that assist with tackling cybercrime will be affected as well.
For example, the following information on a “final notice” email scammer’s domains will be impossible to obtain, once GDPR kicks in:
Operating from the email address “SOULCASERA@GMAIL.COM” this scammer owns almost 100 newly registered domains, mainly at GoDaddy. The fake WHOIS shows an address in India, but the servers are hosted in Europe, primarily in Ukraine, blasting out spam 24/7.
Here is a list of his spamming domains – report courtesy of DomainTools:
Copyright © 2024 DomainGang.com · All Rights Reserved.aero-nats.info 5/16/2018
agoracarp.de 5/7/2018
akitara.info 5/16/2018
amibito.info 5/15/2018
aminodeals.de 5/1/2018
amitybeyt.de 3/9/2018
andiordeten.de 4/16/2018
autabild.de 4/9/2018
backash.de 4/27/2018
badewalelett.de 5/11/2018
bagatele.club 5/16/2018
bdserviceage.de 5/10/2018
bitdservice.de 2/17/2018
bitstring.info 3/27/2018
bllly.info 5/16/2018
bloghaye.info 5/15/2018
bluetost.club 5/16/2018
budgetview.online 5/16/2018
campforkeps.info 5/12/2018
carlinec.info 5/15/2018
ciaspres.de 4/3/2018
defungen.info 5/12/2018
dewboca.info 5/12/2018
domigo.info 5/15/2018
egsdb.online 5/16/2018
elverycotty.info 5/12/2018
etropace.de 5/15/2018
exhosts.co 5/14/2018
fbdemos.info 5/15/2018
feazone.online 5/16/2018
fimasblon.co 5/16/2018
fitnessndiet.de 5/4/2018
gearupp.info 5/12/2018
geohike.de 3/27/2018
gixoler.info 5/15/2018
goldenpags.info 5/12/2018
greewsolde.info 5/15/2018
guidetowork.club 5/16/2018
hopshake.de 5/13/2018
hydieads.info 5/15/2018
imposdeal.info 5/16/2018
jisuifan.biz 5/15/2018
kanto-dell.de 2/19/2018
kupi-mob.info 5/12/2018
lead-empire.de 2/17/2018
ligtspeck.de 5/1/2018
lmph.de 4/30/2018
manybugs.info 5/12/2018
memos.biz 5/14/2018
mobzaik.online 5/15/2018
mogdozor.info 5/12/2018
mywebhostcare.de 3/6/2018
neemsartirth.de 2/19/2018
netpens.club 5/16/2018
noogler.de 5/13/2018
notifyexpiry.de 5/7/2018
offerdrive.de 4/30/2018
officenet.info 5/16/2018
peatech.info 5/16/2018
portusers.info 5/15/2018
preceler.de 4/30/2018
quicksync.club 5/16/2018
readnowme.info 5/16/2018
rosewilltre.de 5/16/2018
sailslaw.de 5/7/2018
salforce.de 5/14/2018
samegdaddy.de 5/4/2018
saudint.info 5/15/2018
servicebdage.info 5/12/2018
spidersl.de 5/7/2018
sslwise.info 5/15/2018
stone-accer.de 3/9/2018
studdieoy.de 5/6/2018
stukbeter.de 5/7/2018
succesmet.de 4/12/2018
swatce.info 5/15/2018
tentenform.de 5/7/2018
thegossip.de 5/4/2018
thepretymus.de 5/7/2018
ticklefight.info 5/16/2018
trivalog.co 5/16/2018
twowayedu.de 5/7/2018
urwbsite.info 5/12/2018
valprimer.info 5/12/2018
vasilake.de 4/17/2018
vehicle-ref.org 5/15/2018
virnotify.info 5/12/2018
virticallmob.de 2/19/2018
wamericna.de 5/16/2018
wamrican.de 4/27/2018
wedelbik.de 5/6/2018
wellshope.info 5/15/2018
widnkrag.de 5/16/2018
woolcleanr.de 5/7/2018
wordream.info 5/12/2018
yesnotify.de 4/30/2018
zerloco.info 5/15/2018
Of course, the spammer will also have difficulties sending his spam without email addresses in whois. Depending on what the interim solution looks like.
Frank – They already have info on 300+ million domains, that rarely changes. Do you change your admin email monthly?