Gabi Power, 19 August 2022 14:28:51 AEST

Is Your Website Hosted on VentraIP? Look Out for This Email Scam

VentraIP, which is a provider for domain names and website hosting, is being mimicked in a sophisticated new phishing scam which is now being blocked by MailGuard. If you’re a VentraIP customer, make sure to continue reading so you know what to look out for, otherwise your personal information and credit card details could be at risk.  

The sender’s display name shows “VentraIP Australia” and their display email address also shows “service(at)ventraip(dot)au”. However, the “Reply to” email address is “bounce(at)strato(dot)net”, showing that it’s not a legitimate domain that’s associated with VentraIP. By using a different sender display email address, the scammers are hoping to make the email appear more authentic, which is a crafty but common tactic.  

With the subject line “Refusal to renew your domain name”, the email explains that the recipient’s domain will be cancelled unless their payment details are updated within 24 hours. By adding the deadline, the scammer is putting pressure on the recipient to act quickly and impulsively, rather than applying their better judgement.    

The email contains minimal branding, aside from the VentraIP logo, and directs the user to update their payment details via hyperlinked text which says “Click here to renew”.  

Here’s how it looks:  

[Screenshot of the phishing email]

When the user clicks the linked text, they’re taken to an incredibly sophisticated phishing site which is an almost exact replica of the login page used by VentraIP. Although the page is hosted on what appears to be a compromised website, the scammers have taken care to mention “vipcontrol” in the URL, which helps to make the site feel more authentic.  

The user is asked for their VentraIP email address and password before proceeding to click the ‘Login’ button. These details will be stolen and stored for later use by the attacker, and will give them access to the user’s website which they could potentially use to target other victims.   


After “logging in”, the user is taken to a well-designed payment page which also contains VentraIP branding. The victim is asked to pay an outstanding amount of $14.75 by entering their: 

  • Credit card number 
  • Name on card 
  • Card expiry  
  • CCV 

They are then directed to click “complete order”.  

Although there’s no explanation of what the fee is for, with the time pressure the victim is already feeling, it’s a low enough amount that they may not question making the payment in hopes of saving their domain.    


Next, the victim is shown a ‘Visa Secure’ page while their credit card details are confirmed, although by this stage, this information has also been harvested by the criminal. 


Finally, they’re taken to a page where they’re asked to enter a one-time code which is sent to their mobile number in order to verify the purchase. 


VentraIP have recently shared that they are seeing a dramatic increase in the number of scams where they are impersonated, most likely due to their large customer base and trusted name, and they offer the following advice:  

You can do three essential things to ensure that the email is valid. 

  1. The email came from noreply@ventraip.com.au. 
  2. Check that the URL is correct when visiting VIPControl (https://vip.ventraip.com.au/login/) 
  3. You can see all your services within VIPControl before paying any invoice. 
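The header and link checks described in this article can be automated at a mail gateway or in a triage script. The following is an added example, not MailGuard's or VentraIP's code: the sample message is constructed from the details reported above, and `compromised-site.example` is a placeholder for the phishing host.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Legitimate values, taken from VentraIP's advice quoted above.
LEGIT_SENDER = "noreply@ventraip.com.au"
LEGIT_LOGIN_HOST = "vip.ventraip.com.au"
BRAND_TOKENS = ("ventraip", "vipcontrol")

# Constructed sample; compromised-site.example is a placeholder host.
SAMPLE = """\
From: VentraIP Australia <service@ventraip.au>
Reply-To: bounce@strato.net
Subject: Refusal to renew your domain name
Content-Type: text/html

<p>Your domain will be cancelled within 24 hours.</p>
<a href="https://compromised-site.example/wp/vipcontrol/login/">Click here to renew</a>
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_email(raw):
    """Return a list of findings for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != LEGIT_SENDER:
        findings.append(f"sender {from_addr} is not {LEGIT_SENDER}")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != domain_of(msg.get("From")):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain")
    # Assumes text parts are not base64/quoted-printable encoded.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r'href="([^"]+)"', body):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        brand_in_path = any(t in parsed.path.lower() for t in BRAND_TOKENS)
        if host != LEGIT_LOGIN_HOST and brand_in_path:
            findings.append(f"link to {host} uses brand name in path")
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```
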

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
