Scammers have mimicked one of Australia’s leading domain registrar and web hosting companies, Crazy Domains, in a phishing email currently being blocked by MailGuard. The fake renewal email targets vulnerable customers, mainly small businesses, who are told that they are at risk of having their account suspended if they do not update their credit card details, creating urgency for customers that need to ensure that their website is running, particularly during to the busy holiday period upon us.
The email arrives with the subject heading ‘LAST REMINDER: Your account might be suspended’ advising the recipient that ‘one or more of items’ in their Crazy Domain account could not be renewed. Scammers have tried to copy the friendly tone of messaging used by the company; the victim is further advised that their credit card was charged $14.95 but failed. The logo and a copyright message is used to feign authenticity, however upon close inspection, one can spot grammatical errors hinting at the scam-like nature of the email.
Here’s what the email looks like:
Clicking on the ‘RENEW NOW’ button takes the user to the first phishing page below that asks for their Crazy Domain login credentials, email address, and password. Once entered and submitted through the ‘LOG IN’ button, these details are harvested by the attackers. Scammers have included a professional-looking image, the company logo as well as support and contact details at the footer of the page to make it look authentic.
The second phishing page featured below, asks the victim for their credit card details. Once again, scammers have included a company contact number and messaging on a professional-looking page to trick users into providing them with their sensitive credit card information.
After submitting these details, victims are asked to verify their credit card details by entering an OTP (one-time-password) code. This fake verification process is used by cybercriminals to trick the user into thinking that they are dealing with the actual company.
Crazy Domains provide the following advice in relation to phishing scams purporting to be from them:
“At Crazy Domains, we do not send any notices regarding your domains without your account number or invoice number in the email, and will always address you by name. Please check for these details in emails you receive from us to confirm they are real.
Crazy Domains do not send our customers notices with links to download files regarding your domains.
If you are ever in any doubt about any email you receive you should check the email headers to determine the source and return path for the email address. If this information does not match with what you expect, that should be a warning”.
For more information, visit: https://www.crazydomains.com.au/learn/domain-phishing/
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.