All domain holders will get no end of spam and scams sent to their domain. A favourite scam is to tell the domain holder that his domain name is about to expire. However, if you read very closely in the small print at the bottom of the email (deliberately made just about impossible to read by using a grey colour on a dark background and tiny text), you will see it isn’t a domain expiry notice but an invitation to purchase whois domain registration. They pretend that if you don’t purchase their junk service, you won’t be found in a search engine.
A very small part of the scam does have genuine information and they play on that to lure you in.
ICANN have made it compulsory to have accurate registrant details in a whois lookup. But it is the registrar that you registered your domain with who keeps that up to date. I get genuine periodic reminders from my domain registrar to check my details haven’t changed. This is one of the reasons why so many domain holders use Privacy Protection: to protect themselves from these scams. The scammers troll through publicly available whois information and send to as many domain name holders as they can find.
Email looks like:
From: Domain Information <email@example.com>
Date: Sat 01/04/2017 12:49
Subject: dvk01.com Expiration
IMPORTANT NOTICE REMINDER
International Whois Domain Protection Agency
Purchase Solicitation Expiration Date: 04/08/2017
Derek [redacted], Derek[redacted] [redacted] IG10 [redacted], Loughton
Dear Derek [redacted],
As of January 1, 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications. Your domain name dvk01.com is pending for Whois protection registration. This solicitation is to inform you that it’s time to send in your whois domain protection registration for 04/08/2017. Failure to complete this order by 04/08/2017 may result in the cancellation of this solicitation (making it difficult for your customers to locate you, using search engines on the web). We do not register or renew domain names. We sell whois domain protection registration.
Act today! This solicitation for dvk01.com will expire on 04/08/2017. Act today!
Please click on
to complete your payment
| Domain Name | Protection Registration | Price | Term |
| --- | --- | --- | --- |
| dvk01.com | 04/22/2017 to 04/22/2018 | $64.00 | 1 Year |
Please click on
to complete your payment
Instructions and Unsubscribe:
You have received this message because you elected to receive special notification offers. If you no longer wish to receive our notifications, please unsubscribe here or mail written request to Datacollect Inc, Fort Lauderdale, FL 33309. If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving whois domain registration solicitations. We are a whois domain registration company. We do not register or renew domain names. We sell whois domain registration. This message is Can-Spam compliant. This is not a bill or an invoice. This is a whois domain registration purchase offer. Your are under no obligation to pay the amount stated unless you accept this purchase offer. This message contains promotional material strictly along the guidelines of the Can-Spam act of 2003. We have distinctly mentioned the source mail-id of this email and also disclosed our subject lines. They are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.
For some reason using Outlook, the links don’t work, but do when opened in a browser or via webmail.
The links go to <http://www.dvk01com.hookwhois.org/?d=dvk01.com&p=04-22-2017> where I saw this page
OK, let’s see what happens when I select 1 year and press credit card.
Ah, I get sent to what they laughingly call a secure SSL page to enter all my details. Look carefully and you will see the URL at the top of the page is a plain, simple, insecure http: page, not a secure https page. No way anybody will put personal information and a credit card number in an insecure page (or will they?). Obviously some victims do, otherwise these scams wouldn’t work and continue.
Proving even more that this is a scam, just take a look at their snazzy home page where they pretend to be the International Whois Protection Agency.
Any domain you try to look up in their whois lookup gives an “Error Code: 105732. Please return to the home page” message.
A lookup on the ICANN Whois page gives me the details of the scammers, or at least it gives details of a Chinese entity that I have no way of knowing is true. It might be a genuine name and address or fake. A quick Google search shows these details used in hundreds of domains.
You can see this scam domain was only registered on 20 March 2017, so hopefully not too many victims will have fallen for this scam.
Domain Whois record
Queried whois.publicinterestregistry.net with “hookwhois.org“…
Domain Name: HOOKWHOIS.ORG
Registry Domain ID: D402200000001832496-LROR
Registrar WHOIS Server:
Registrar URL: http://www.net.cn
Updated Date: 2017-03-20T08:25:09Z
Creation Date: 2017-03-20T02:51:45Z
Registry Expiry Date: 2018-03-20T02:51:45Z
Registrar Registration Expiration Date:
Registrar: Hichina Zhicheng Technology Limited
Registrar IANA ID: 420
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registry Registrant ID: C190841458-LROR
Registrant Name: Liu Fei
Registrant Organization: Liu Fei
Registrant Street: Le Jia International No.999 Liang Mu Road Yuhang District
Registrant City: Hangzhou
Registrant State/Province: Zhejiang
Registrant Postal Code: 311121
Registrant Country: CN
Registrant Phone: +86.57185022088
Registrant Phone Ext:
Registrant Fax: +86.57186562951
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID: C170754121-LROR
Admin Name: Nexperian Holding Limited
Admin Organization: Nexperian Holding Limited
Admin Street: Le Jia International No.999 Liang Mu Road Yuhang District
Admin City: Hangzhou
Admin State/Province: Zhejiang
Admin Postal Code: 311121
Admin Country: CN
Admin Phone: +86.57185022088
Admin Phone Ext:
Admin Fax: +86.57186562951
Admin Fax Ext:
Admin Email: YuMing@YinSiBaoHu.AliYun.com
Registry Tech ID: C170754121-LROR
Tech Name: Nexperian Holding Limited
Tech Organization: Nexperian Holding Limited
Tech Street: Le Jia International No.999 Liang Mu Road Yuhang District
Tech City: Hangzhou
Tech State/Province: Zhejiang
Tech Postal Code: 311121
Tech Country: CN
Tech Phone: +86.57185022088
Tech Phone Ext:
Tech Fax: +86.57186562951
Tech Fax Ext:
Tech Email: YuMing@YinSiBaoHu.AliYun.com
Name Server: F1G1NS1.DNSPOD.NET
Name Server: F1G1NS2.DNSPOD.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-04-01T13:32:11Z <<<
The company Nexperian Holding Limited is obviously intended to be mistaken for the genuine Experian Ltd, which is a UK-based company specialising in financial management and credit scores.
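The three warning signs picked out above (a plain http payment link, the recipient's own domain name used as a label on somebody else's host, and a link domain registered days before the email) can be checked mechanically. The following is an added example, not part of the original post; the function names, the 30-day threshold and the UTC reading of the email date are assumptions, while the sample link, creation date and email date are copied from the article.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

NEW_DOMAIN_DAYS = 30  # assumed threshold for "recently registered"

# Values copied from the article: the link, two whois fields, the email date
# (read as 1 April 2017; UTC is assumed, the email gives no timezone).
SAMPLE_LINK = "http://www.dvk01com.hookwhois.org/?d=dvk01.com&p=04-22-2017"
SAMPLE_WHOIS = "Domain Name: HOOKWHOIS.ORG\nCreation Date: 2017-03-20T02:51:45Z\n"
SAMPLE_RECEIVED = datetime(2017, 4, 1, 12, 49, tzinfo=timezone.utc)


def whois_created(whois_text):
    """Return the whois 'Creation Date' as an aware UTC datetime, or None."""
    m = re.search(r"Creation Date:\s*(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z", whois_text)
    if m is None:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def triage_link(url, own_domain, whois_text, received):
    """Return warning strings for a link in a 'domain expiry' email."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    own = own_domain.lower()
    if parts.scheme != "https":
        flags.append("link is plain http")
    # The recipient's name used as a label of somebody else's domain,
    # e.g. 'dvk01com' inside www.dvk01com.hookwhois.org.
    on_own_domain = host == own or host.endswith("." + own)
    if not on_own_domain and own.replace(".", "") in host.split("."):
        flags.append("own domain name embedded in a foreign host")
    created = whois_created(whois_text)
    if created is None:
        flags.append("whois record has no creation date")
    elif (received - created).days < NEW_DOMAIN_DAYS:
        age = (received - created).days
        flags.append(f"link domain registered {age} days before the email")
    return flags


if __name__ == "__main__":
    for flag in triage_link(SAMPLE_LINK, "dvk01.com", SAMPLE_WHOIS, SAMPLE_RECEIVED):
        print("WARNING:", flag)
```

The whois text passed in must be the record for the domain the link points at (here hookwhois.org), not the recipient's own domain.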