I got an email today for one of my sites. I’ve unlinked the links for your protection. Also, when I copied and pasted it from my email client, I discovered an exciting little invisible iframe at the bottom that was, I’m sure, designed to infect my computer. I’m calling this one the ICANN Domain Abuse Email Scam.
Dear Domain Owner,
Our system has detected that your domain: Snappyliving.com is being used for spamming and spreading malware recently.
You can download the detailed abuse report of your domain along with date/time of incidents. Click Here
We have also provided detailed instruction on how to delist your domain from our blacklisting.
Please download the report immediately and take proper action within 24 hours otherwise your domain will be suspended permanently.
There is also possibility of legal action depend on severity and persistence of your abuse case.
Three Simple Steps:
1. Download your abuse report.
2. Check your domain abuse incidents along with date and time.
3. Take few simple steps for prevention and to avoid domain suspension.
Click Here to Download your Report
Please look into it and contact us.
Domain Abuse Dept.
Tel.: (139) 729-59-00
Detecting the ICANN Domain Abuse Email Scam
The domain it used to host the supposed abuse report was report[dot]icann[hyphen]org, so it looked pretty legit in many ways. ICANN is the non-profit that handles all domain names on the internet.
But the email address that had sent the email was: poppy-kelly[at]icann-monitor[dot]org. It seemed suspicious that the email wasn’t simply from “icann[dot]org”, as surely any real employee’s email would be.
I immediately Googled my site. Sure enough, Google still listed the site and cheerfully sent me there with no malware warnings. Google is very good at detecting malware on websites.
My anti-virus and Web of Trust plugin still gave my site the green light. Plus, I host with TigerTech, and they are very good at screening out malware.
As I looked over the email for more clues, heart pounding in a panic, I realized that the phone number looked bogus. So I Googled it and found this page, which details the very same scam, only back then it was coming from domaincop[dot]net:
From my research, this appears to be 100% fake, if you receive similar emails from domaincop.net please do not click on any of the links!
Some people did click the links, and said it took them to a dead page. But don’t click them, because who knows what will happen. Just delete that email and get on with your life.
I’ve also gotten confirmation from TigerTech that this is bogus. They referred me to this forum discussion from 2010. So this scam is very old, and the only change is that they’ve altered the domain name to a more reputable-sounding one.
While I can’t find any information on the “icann-monitor[dot]org” version of this scam, which suggests it’s very new, it’s not even plausible that the phone number in the email traveled from “domaincop” to “icann”.
There’s another version of this scam in which the email appears to be coming from your domain registrar. Whatever form it comes to you in, don’t get taken in by this ICANN domain abuse email scam.
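The manual checks described above (does the sender's domain match the organization the message claims to be from, where do the links really go, and is there an invisible iframe in the body) can be scripted for mail triage. The following is an added example, not code from the original post; the sample message is constructed, its hostnames are `.example` stand-ins for the defanged ones quoted above, and the helper names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

CLAIMED = "icann.org"  # the organization the message claims to speak for

# Constructed sample modelled on the email above (.example stand-in hosts).
SAMPLE = """\
From: "Domain Abuse Dept." <poppy-kelly@icann-monitor.example>
Subject: Domain Abuse Notice
Content-Type: text/html; charset=utf-8

<p>Dear Domain Owner,</p>
<p><a href="http://report.icann-org.example/report">Click Here</a></p>
<iframe src="http://report.icann-org.example/x" width="0" height="0"></iframe>
"""

def base_domain(host):
    # Simplification (assumption): last two labels. Use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.link_hosts, self.hidden_iframes = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.link_hosts.append(urlsplit(a["href"]).hostname or "")
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.hidden_iframes.append(a.get("src", ""))

def triage(raw, claimed=CLAIMED):
    msg = message_from_string(raw)
    sender_dom = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    scan = BodyScan()
    scan.feed(msg.get_payload())  # single-part HTML body only
    findings = []
    if sender_dom != claimed:
        findings.append(f"sender domain {sender_dom} is not {claimed}")
    for host in scan.link_hosts:
        if base_domain(host) != claimed:
            findings.append(f"link host {host} is not under {claimed}")
    findings += [f"hidden iframe loading {src}" for src in scan.hidden_iframes]
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A From header can be forged, so a matching sender domain proves nothing by itself; a mismatch like the one here is simply a cheap early signal.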