Business technology

Email scams: a case study

- March 2, 2012 2 MIN READ

Recently I received an email that made me suspicious. Someone wrote to me from ‘a domain name registration and dispute organisation in Asia’ and asked me to confirm whether I’d authorised a particular company to register several domains related to my business name and website URL.

If yes,’ the email from Kevin continued ‘we will complete the registration on these domain names… Or you do not even know this company whatsoever? I want to confirm whether you are the corporate representative of your company. If you are, I will feedback some problems to you; if you are not, please forward my letter to your company’s corporate representative or administor (sic). In order to deal with this issue better, please contact us as soon as possible.

I decided to investigate this a little further and started by Googling the company named in Kevin’s letter. That yielded no significant result either negatively or positively.

I then checked the links provided in the email to the website of the company that Kevin worked for. Strangely they checked out. Kevin’s employer had a legitimate looking web site and really seemed to be doing what he said they were.

Theoretically the domain names I have registered for my business are protected by the fact that they are registered through legitimate Australian registrars and web hosts. However, it still concerned me that some possible third party fraudster could be trying to hijack my domains through an innocent foreign registrar by claiming them as their own and instigating a dispute over the ownership.

Want more articles like this? Check out the managing email section.

Carefully and with some reservation I decided to reply to the email, telling Kevin that I owned the domains and had no relationship with the company he’d named, and that any such registrations should not be allowed.

It was Kevin’s reply that revealed the true nature of the email scam. He tried to bamboozle me with techno jargon, as he’d already done in his first email, but this time the story changed. It morphed into one about protecting my brand by buying up country-specific versions of my domain name before the company he’d referred to could get their hands on them.

Kevin was clearly trying to scare me into buying domain names that I don’t want and don’t need. I’m sure the next step would have been to ask for my credit card number, and there was no way I was giving him that info. Instead, I waited for his next move, which was a follow up email asking me about the delay in responding.

Since he already had my email address and I divulged nothing else along the way, I decided to reply to his latest email assertively, letting him know that I was aware of what he was up to, had forwarded his details to the relevant authorities, and was prepared to take legal action if my domain names are compromised by his activities. So far, no response!

For me the scary thing about this email scam was that Kevin’s email, the company web site and all the usual suspect things seemed believable… not necessarily true, but possibly true. A personalised, believable lie is a very hard thing to ignore. A lie that impacts upon your reputation and business is even harder to ignore and does deserve some further investigation and shutting down where possible.

Have you been the recipient of email scams too? What red flags do you recommend we look out for?