I have noticed a few suspicious emails recently and people have forwarded me copies of an email appearing to come from Network Solutions Tech Support. This email is fake (here is the notice from Network Solutions).
The only reason I am posting this as a tip is because several people have forwarded me this email telling me to make sure our domain information gets updated, so if they are believing it others probably are too.
One thing you will notice when you click on the link in the email is it takes you to a fake domain which ends with “.sys58.biz”. This is all you need to know to see it is a fake. The scammers simply mirrored the network solutions home page (ironically, it has the phishing scam warning on their page) and are redirecting your login information to their database, so they can log in as you and steal your domains by transferring it to them.
If you get this email, delete it.
For your reference, here is a copy of what the email looks like. I have seen several slight variations but they all link to the same page:
Subject: Inaccurate Whois Information / Your Domain Is In Transfer / Your Domain Is About To Expire
Dear Network Solutions® Customer,
On Fri, 31 Oct 2008 11:36:29 +0200 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.
Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.
To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:
1. Log in to Account Manager at: http://www.networksolutions.com. <- This links to a fake domain ending in “sys58.biz”
2. Click on the “Profile & Accounts” tab in the left navigation menu to be taken to a page listing your account details.
3. Click on “Accounts” and select the account you wish to edit.
4. Click “View/Edit WHOIS Contacts” to make your updates.If you believe someone requested this change without your consent, please contact Customer Service.
If you would like to order additional services or to update your account, please visit us online.
Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.
Sincerely,
Network Solutions® Customer Support
Jason Faulkner is the man who brings you our daily tips. He is based in Atlanta, Georgia.
![Jarte, The Ultimate Lightweight Word Processor? [Video]](/videothumbs/jarte.jpg)
This problem is getting out of control, this problem is also been seen in the postal service where phishers sends post cards with fake companies just to get your money. Fake phone calls is another problem making the person believe he or she won something asking them to send money to get their prize, so this mean computer viruses is thing of the past and phishing is the cool thing now.
The fake email has been updated so the scammers are still at it. It now links to info1.networksolutions.com
I just received an email to update my NS account. It was very real looking but it was going to info1.networksolutions.com/ without any extra .com or .cn on the end.
How does the phisher redirect a sub-domain like this?
Here is the actual link:
http://info1.networksolutions.com/r/QTJT/RPSS0/F9VX08/8MYRN/NFFAK/4O/h
“networksolutions.com” is not misspelled. How do they do this? i have not been able to look at the source code of the email to see if the link is being further changed.
An additional bit of information to my first post of 4:04 pm, I put in the URL:
http://info1.networksolutions.com/r/QTJT/RPSS0/F9VX08/8MYRN/NFFAK/4O/h into FireFox 3.0
And it resolved to: https://www.networksolutions.com/manage-it/index.jsp?... < with FireFox authenticating the domain as “Network Solutions LLC”.
Yahoo! email authenticated the domain keys as OK also. It would seem that this email is authentic.
I believe the email was sent from e-dialog.com who does these kinds of email broadcasts for large companies.
I would still never click on a link in an email to do anything like this. Network Solutions should change the email and remove any links to their site.
I forwarded Network Solutions the email and they told me it was genuine. However, the original mail they sent smells too fishy as it does not address you personally by name and the link looks tampered with. It has the classic look of phishing and they should know better. I refuse to open the links.