VentraIP customers are being targeted in a new domain renewal scam which aims to steal credit card details and your VentraIP credentials. Domain renewal scams are incredibly common and take shape in a few different forms. Often, scammers will send a fake invoice for a domain’s renewal and hope that someone will pay without checking their accounts. In more sinister scams, as is the case for the one shown below, victims are tricked into believing they’re entering their credit card details in order to renew their domain, which can lead to fraud.
The subject line for the email that MailGuard is now blocking is “Your domain name has [company domain] EXPIRED !”, and the sender name reads “Ventraip.com.au”, although the email is actually coming from “contact(at)bergamottodicalabria(dot)net”, which is not associated with VentraIP.
The email uses VentraIP branding, and also uses the recipient’s domain address to add some personalisation. A bold warning of “Last chance!” is followed by “Save your domain!” which is written in red to draw the eye. The recipient is then advised that their domain has expired and if it’s not renewed, it may be registered by someone else. They’re then directed to press a button which says, “Express Renew”.
By using wording such as “Last chance!”, “please contact us ASAP before someone else registers it”, “You can quickly and easily renew”, and capitalising words like “EXPIRED” and “DELETED”, the scammers are pushing a sense of urgency, which may cause the recipient to act quickly without thinking.
Here’s an example of the email:
Clicking the button in the email takes the recipient to a phishing site which replicates the VentraIP sign in page. It’s incredibly well crafted, and the scammer has even taken care to use a URL which begins with “vetraip-portal-service”, which is likely to fool more victims into believing the page is authentic.
The page asks the user to enter their email address and password that’s associated with their VentraIP account, which will then be stolen by the scammer. With these details, the victim’s domain may be used in a different phishing scam, or the hacker may be able to reach out to their contacts.
After “logging in”, the victim is taken to a Payment screen, where they’re informed the total owed is $14.75 - an amount that most people wouldn’t question in order to save their domain. They’re instructed to enter their:
Then, after entering their credit card details, the victim is taken to a verification page and asked to enter the one-time passcode that’s been sent to their mobile number. At this stage, the scammer is most likely attempting to charge the card to check that the details are legitimate, and they will then be stored for later use.
VentraIP have recently shared that they are seeing a dramatic increase in the number of scams where they are impersonated, most likely due to their large customer base and trusted name, and offer the following advice:
You can do three essential things to ensure that the email is valid.
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.