A new domain registration scam is attempting to spread malware and ransomware via email.
The emails, sent by cybercriminals in Russia and Ukraine, pose as domain registration notices.
The spear-phishing email reads:
Whois Data Reminder <support@fromhost%>
Dear customer:
You have successfully registered ***.com. Order ID: [redacted]
Domain registered date: 2017-01-09
Domain expired date: 2018-01-09
If you use our company’s DNS, you can login and use our DNS Manager on our website or go to your Domain Control Panel to do domain resolution and other domain management.
Please remember that under the terms of your registration agreement, the provision of false Whois information can be grounds for cancellation of your domain name registration.
The link points to mic.qb-i.ru, a rogue or compromised Russian domain that is hosted in Germany, with an IP address of 95.169.190.222.
The domain supposedly registered does not even exist.
Such domain-related scams prey on unsuspecting domain owners who are not familiar with the domain registration and email verification process imposed by ICANN 3 years ago.
The end result can be the loss of a domain, stolen personal information, or the complete lock-up of personal computers or Android devices.