Russian hackers: Social engineering works well when domains are involved

An auto-translated post in a secret forum that is a nest of Russian hackers, discusses social engineering and domain names.

” I made fake mail Yandex and the mass send letters on behalf of the administration with a request to change the password. Letter was with the following contents:

Dear – In support, it was reported that with your E-Mail address is sending spam. To prevent blocking of your E-Mail address and click the link to change the password to a more complex (example: 67gjsuis8) Sincerely, support Yandex”

Its author then states that his method of obtaining the passwords of email accounts jumped from 27% to 93%, once he used a domain name registered in another ccTLD, that matched yandex.

“After only 30 minutes later the first account, then the second, third and so on. The next day I go and see that of the 100 letters sent out to me, was received with only 27 accounts. Realizing that this was not enough time in the investment of 3 hours a day, I decided to improve its fake.

Improvements began with the purchase fake domain. Domain found in an unusual area and was yandex. **. Yes, the domain as a standard, but in a different area and all. The second step was to create a subdomain **, To the victim completely disappeared doubt that this is a hoax. The last step was to write a script for a mass mailing (to automatically replace to E-Mail recipient and subsequent dispatch). Spending all this $60 and one day I started to get almost 100% of all E-Mail addresses.

First test after the improvement showed that of the 100 accounts, I managed to get 93 of them. Subsequent use of the same effect. The only thing that has changed from the time I send the letters not only to users of Yandex, Rambler, but with Google. And I began to send these emails only to users from which to get the money (that is, E-Mail accounts on which there is Steam, Origin, WoT, WebMoney, PayPal accounts and some VK)”

In other words, the number of people that were fooled by a simple fishing email, reached almost 100% when the domain itself was a keyword match, regardless of the ccTLD used.

This poses an interesting argument in support of the various large financial institutions that want to move away from TLDs and ccTLDs – using, instead, their own brand name as a gTLD.

ICANN will definitely find this approach as yet another reason in favor of its scheduled roll-out of new gTLDs.

Copyright © 2023 · All Rights Reserved.


4 Responses to “Russian hackers: Social engineering works well when domains are involved”
  1. Ms Domainer says:


    I see this domain ( quite a bit in my stats.

    But I have never received an email from them.

    If anyone asks for a password in an email, it’s 100% fake. When will people get this through their thick skulls?



  2. BullS says:

    That why dot com is KING

    read “BullS”- all websites want your money directly or indirectly

  3. Lucius "Gunz" Fabrice says:

    Ms Domainer – yandex is a popular Russian search engine. Like Google, it offers emails.

    What this chap does, is to search for yandex emails that announce some sort of financial transaction, or credits for online games. He targets these emails specifically because the has a financial benefit from this type of scam.

  4. Ms Domainer says:


    Oh, okay, Lucius.

    I knew I had seen Yandex around a lot. Now I know why.



Leave a Reply

Your email address will not be published. Required fields are marked *

 characters available