MailGuard 11 November 2022 17:27:37 AEDT 10 MIN READ

VentraIP Domain Expired? Check Twice Before Renewing

VentraIP customers are being targeted in a new domain renewal scam which aims to steal credit card details and your VentraIP credentials. Domain renewal scams are incredibly common and take shape in a few different forms. Often, scammers will send a fake invoice for a domain’s renewal and hope that someone will pay without checking their accounts. In more sinister scams, as is the case for the one shown below, victims are tricked into believing they’re entering their credit card details in order to renew their domain, which can lead to fraud.   

The subject line for the email that MailGuard is now blocking is “Your domain name has [company domain] EXPIRED !”, and the sender name reads “Ventraip.com.au”, although the email is actually coming from “contact(at)bergamottodicalabria(dot)net”, which is not associated with VentraIP.  

The email uses VentraIP branding, and also uses the recipient’s domain address to add some personalisation. A bold warning of “Last chance!” is followed by “Save your domain!” which is written in red to draw the eye. The recipient is then advised that their domain has expired and if it’s not renewed, it may be registered by someone else. They’re then directed to press a button which says, “Express Renew”.  

By using wording such as “Last chance!”, “please contact us ASAP before someone else registers it”, “You can quickly and easily renew”, and capitalising words like “EXPIRED” and “DELETED”, the scammers are pushing a sense of urgency, which may cause the recipient to act quickly without thinking.  

 Here’s an example of the email: 

[Screenshot: the phishing email, subject “Your domain name has investorwealth.com.au EXPIRED !”, shown in Mozilla Thunderbird]

Clicking the button in the email takes the recipient to a phishing site which replicates the VentraIP sign-in page. It’s incredibly well crafted, and the scammer has even taken care to use a URL which begins with “vetraip-portal-service”, which is likely to fool more victims into believing the page is authentic.

The page asks the user to enter the email address and password associated with their VentraIP account, which will then be stolen by the scammer. With these details, the victim’s domain may be used in a different phishing scam, or the hacker may be able to reach out to their contacts.

[Screenshot: the phishing page imitating the VIPControl sign-in, shown in Mozilla Firefox]

After “logging in”, the victim is taken to a Payment screen, where they’re informed the total owed is $14.75 - an amount that most people wouldn’t question in order to save their domain. They’re instructed to enter their: 

  • Credit card number  
  • Name on card 
  • Card expiry 
  • CCV 

[Screenshot: the payment page, titled “VentraIP Australia - 100- Australian Website Hosting & Domain Names”, shown in Mozilla Firefox]

Then, after entering their credit card details, the victim is taken to a verification page and asked to enter the one-time passcode that’s been sent to their mobile number. At this stage, the scammer is most likely attempting to charge the card to check that the details are legitimate, and they will then be stored for later use.   

[Screenshot: the “Validate” verification page, shown in Mozilla Firefox]

VentraIP have recently shared that they are seeing a dramatic increase in the number of scams where they are impersonated, most likely due to their large customer base and trusted name, and offer the following advice:  

You can do three essential things to ensure that the email is valid. 

  1. The email came from noreply@ventraip.com.au
  2. Check that the URL is correct when visiting VIPControl (https://vip.ventraip.com.au/login/) 
  3. You can see all your services within VIPControl before paying any invoice. 
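The first two checks can be automated at a mail gateway or in triage. This is an added example, not MailGuard's or VentraIP's code. It flags a VentraIP display name on any other sender address, and link hosts that nearly match the brand name. The sample message, its sender address and its `.example` host are constructed placeholders, and the 0.8 similarity threshold is an assumption.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_SENDER = "noreply@ventraip.com.au"   # from VentraIP's advice
BRAND_DOMAIN = "ventraip.com.au"           # parent of vip.ventraip.com.au
BRAND = "ventraip"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_brand_host(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def looks_like_brand(host):
    """True if any token of the host is a near-match for the brand name."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", host) if t]
    return any(SequenceMatcher(None, t, BRAND).ratio() >= 0.8 for t in tokens)

def check_message(raw):
    """Return (kind, value) findings for a message claiming to be VentraIP."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    claims_brand = BRAND in display.lower()
    findings = []
    if claims_brand and addr != LEGIT_SENDER:
        findings.append(("sender_mismatch", addr))
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if is_brand_host(host):
            continue
        if looks_like_brand(host):          # e.g. a dropped or swapped letter
            findings.append(("lookalike_host", host))
        elif claims_brand:
            findings.append(("off_brand_link", host))
    return findings

# Constructed sample: sender address and URL host are placeholders (.example).
SAMPLE = (
    'From: "Ventraip.com.au" <contact@unrelated-sender.example>\n'
    "Subject: Your domain name has [company domain] EXPIRED !\n"
    "\n"
    "Last chance! Express Renew: https://vetraip-portal-service.example/renew\n"
)

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The From header can be forged, so a matching sender address only means something alongside a passing SPF, DKIM or DMARC result for the domain.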

 

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
