This started off with a simple spam email trying to persuade the recipient to sign up for a course dealing with GDPR. So far so good. We see loads of spam & borderline spam from various companies, individuals, Government Departments and newsletters. GDPR is an important subject and ALL of us do need to learn more about it and how to comply.
The email quite honestly looks like it was designed by a 10-year-old from the 1980s using FrontPage. I am sure that if modern email clients allowed flashing images & sliders, they would have added them as well. The multitude of rainbow colours actually detracts and shouts spam & incompetence.
The email didn’t have a link to a website but does have a mailto: link: mailto:email@example.com?subject=Please%20send%20me%20the%20free%20course%20
I have replied to the email and wait with bated breath to see what scam, malware or other junk gets sent back to me.
Being the usual inquisitive person I am, I decided to see who or what cyberservices.com are.
A quick lookup shows the domain has been around for over 22 years. That is really old in internet terms and even older than Google, Facebook etc., and would make them one of the internet pioneers. It looks like cyberservices.com are owned by mail.com, who in turn are owned by web.com, who provide free email services. Both are part of the 1&1 group as far as I can tell.
There are Google searches going back many years about scams, phishes and malware spreading using cyberservices.com as an email address or email domain.
Queried whois.internic.net with “dom cyberservices.com“…
Domain Name: CYBERSERVICES.COM
Registry Domain ID: 3082762_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2017-03-31T20:01:40Z
Creation Date: 1996-05-13T04:00:00Z
Registry Expiry Date: 2021-05-14T04:00:00Z
Registrar: Register.com, Inc.
Registrar IANA ID: 9
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: PDNS1.ULTRADNS.NET
Name Server: PDNS2.ULTRADNS.NET
Name Server: PDNS3.ULTRADNS.ORG
Name Server: PDNS4.ULTRADNS.ORG
DNSSEC: unsigned
I tried to visit the website in Internet Explorer but got a constant redirect chain until IE gave up & just gave a white page. Same in Firefox. But Chrome redirects a few times and tries to install a scummy malware / adware / grotty search diverter extension.
I am guessing somebody has compromised the DNS services used by mail.com, because generally trying a domain that is used as one of their free email services will send you to a sign-up page where you can choose which free email address you want.
Original email looks like:
Trying to connect to cyberservices.com gives this series of events
Pressing cancel eventually directed me to a Hungarian cybersecurity company, cyber.services
When I tried again, I only get a blank page in Chrome, no diverts and no extension trying to be installed. Using view source, I get