19 Mar Is this domain notification legit or is it a scam?
If you own any domain names you’ll most likely find an email like the following show up in your junk folder around the expiration date:
Domain SEO Service
EXPIRATION OFFER NOTIFICATION
Notification Purchase Offer
PURCHASE EXPIRATION DATE: 03/26/2017
To: AARON WESTON, NORTHERN PROTOCO
331 BAYFIELD ST|SUITE 210
ONTARIO, L4N 9R3, CA
SEO Service Enrollment: 04/09/2017 to 04/09/2018
Term: 1 Year
SECURE ONLINE PAYMENT
Domain Name: *************.com
Dear AARON WESTON,
This purchase expiration notification offer advises you about the search engine optimization submission expiration of your domain **********.com . The information in this purchase expiration offer may contain confidential and/or legally privileged information from the processing department of Domain SEO Service to purchase our search engine traffic generator. We do not register or renew domain names. We sell traffic generator software. We offer a high quality search engine optimization service that keeps your site ranking high. This information is intended only for the use of the individual(s) named above.
Non-completion of your domain name search engine optimization service submission by given expiration date for ***********.com , may result in the cancelling of this search engine optimization notification offer
PLEASE CLICK ON
SECURE ONLINE PAYMENT
TO COMPLETE YOUR PAYMENT
Failure to complete your *******.com domain name submission search engine optimization service may make it difficult for customers to find you online.
CLICK UNDERNEATH FOR IMMEDIATE PAYMENT
PROCESS PAYMENT FOR
SECURE ONLINE PAYMENT
This domain name submission for ***********.com search engine service optimization notification offer will expire 03/26/2017.
Instructions and Unsubscribe:
You have received this message because you elected to receive special notification offers. If you no longer wish to receive our notifications, please unsubscribe here or mail written request to Domain SEO Service Registration Corp., Miami Beach, FL 33139. If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving SEO notices. We are a search engine optimization company. We do not register or renew domain names. We sell traffic generator software. This message is CAN-SPAM compliant. THIS IS NOT A BILL OR AN INVOICE. THIS IS A SEO PURCHASE OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS PURCHASE OFFER. This message contains promotional material strictly along the guidelines of the CAN-SPAM act of 2003. We have distinctly mentioned the source mail-id of this email and also disclosed our subject lines. They are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.
Here is what the domain seo scam email looks like:
WHAT TO KNOW
The quick answer is that this is a phishing scam to steal your credit card information. There are several warning signs:
Repeating key points three times or more is a known sales tactic. Whenever you see this happening in an email be extraordinarily cautious. In order to ensure you will consider something as part of your purchase decision I need to repeat the concept three times or more during the course of the conversation. They repeat the idea of expiration seven times. They repeat the domain seven times. They repeat the date three times. They repeat “Secure online payment” three times in a desperate attempt to convince you that they are somehow legitimate and not going to scam you.
The email says that it’s someone from Miami, but in reality these SEO scammers are from China. The domain hosting this scam is DOMAINSINSIDE.ORG. The registration information for this scammer is:
Domain Name: DOMAINSINSIDE.ORG
Registry Domain ID: D402200000001201546-LROR
Registrar WHOIS Server:
Registrar URL: www.west263.com
Updated Date: 2017-03-07T03:45:47Z
Creation Date: 2017-01-05T07:37:44Z
Registrar Registration Expiration Date: 2018-01-05T07:37:44Z
Registrar Registration Expiration Date:
Registrar: Chengdu West Dimension Digital Technology Co., Ltd.
Registrar IANA ID: 1556
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: C187621298-LROR
Registrant Name: liu feng
Registrant Organization: liu feng
Registrant Street: xiangzhouqucuixiangjiedao311hao
Registrant City: zhuhai
Registrant State/Province: Guangdong
Registrant Postal Code: 519000
Registrant Country: CN
Registrant Phone: +86.75630871127
Registrant Phone Ext:
Registrant Fax: +86.75630871127
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID: C187621299-LROR
They insist that it’s “CAN-SPAM” compliant. I always use that as a warning sign. If they have to state it chances are better than average that the opposite is true. In this case there are several reasons why this is not true, not the least of which is the requirement to use a legitimate full and complete physical mailing address.
It is an illegal solicitation. They are not allowed to scrape registration information from WHOIS to scam people but they do it anyways.
None of the information is legitimate, nor is the method by which it is presented or the method used to fool you into giving your credit card information. Your site visibility will not change if you ignore their fraud. It will not disappear off the internet or out of the search results by disregarding this “offer”.
If you click on the “secure online payment” link you will see this automatically generated page which passes the domain and “expiration date” variable from the link in the email to create it.
If you click on any of those buttons it will take you to a “payment” page. This is not a proper payment gateway. It’s a phishing gateway. Remember how they repeated several times that it’s secure? It’s not. Notice Google Chrome’s warning in the address bar that it’s not a secure site. I put in completely fake information:
And I get the message that my payment was successful. Literal translation: The phishing scammers now have fake credit card information to do with whatever they please.
WHAT TO DO
Do not click on the unsubscribe link. That simply tells them you’re alive and they’ve hit a live email address.
Do not give them your credit card information. It is being phished to use for credit card fraud.
They say “Act immediately”. Take them up on their offer by flagging the email as SPAM and deleting it.
Bonus points: Report them to the FTC for CAN-SPAM violations.