AusRegistry General Manager, George Pongas, has warned readers of potential phishing scams related to WHOIS verification notifications that have surfaced in the new year.
In a blog post on the AusRegistry site, Pongas said that while .au extensions were not directly under threat, users with .com, .net, .org and other generic TLDs should remain alert and vigilant.
The scam surfaced after the January 1, 2014 introduction of compulsory WHOIS domain verification.
“Under requirements spelled out [by ICANN], domain name Registrars for .com, .net, .org and other generic TLDs must verify registrant contact information on a regular basis,” he said.
“The reason for this is to reduce false or missing contact information in the WHOIS database, which is a public record of domain name registration details.”
“Effective January 1, any domain name registrar that has signed on to the 2013 Registrar Accreditation Agreement (that includes all of the big registrars) must verify certain aspects of WHOIS contact information,” he said.
“Many predicted this new requirement would lead to a new phishing opportunity, whereby scammers would send phishing email to registrants about verifying their contact information.”
The added challenge for users is that they cannot simply ignore all such emails on the assumption that they are scams, as failure to respond to legitimate verification requests can result in suspended accounts.
Pongas provided further insight into the activities of the scammers:
“They use sophisticated social engineering tactics in order to steal contact information and maliciously tamper with the domain name records in the guise of these official WHOIS verification notifications.”
However, he said Australian regulations excluding the need for .au verification meant Australians were in a safer position.
“Phishing scams such as this are typically aimed at mass deception and the perpetrators cast a wide net in order to catch as many unsuspecting people as possible. This means Australian .com registrants may be targeted,” he said.
“Importantly, WHOIS verification is not a requirement in .au domain name policy and if you ever receive an email requesting this you can automatically delete and disregard it.”
Pongas also lauded services offered in the Australian domain space, such as .auLOCKDOWN, that ensured clients were protected at all times.
“Services such as .auLOCKDOWN add another layer of protection to your .au domain name to ensure scams like this can never impact the integrity of your domain name assets,” he said.
“Even if your contact details are stolen, a Registry lock service like .auLOCKDOWN would mean that only authorised individuals with pre-authenticated keys can make changes to your domain name records, reducing the risks scams like this pose.”