alert Bogus Emails Impersonating Escrow.com

[jberryhill]

Someone is using the domain name avst.email in order to impersonate Escrow.com.

The scam works like this:

1. You receive a great offer on a domain name, accept and sign an agreement to use Escrow.com and split the fees.

2. The buyer says they will set up an escrow.com transaction.

3. Unlike the usual escrow.com process flow, you will receive an email from "Escrow.com" asking you, the seller, to pay a transaction fee before they process and set up the transaction. They will include wire transfer instructions for payment of this fee to a bank account that has nothing to do with Escrow.com.

They do this using an email address of (person)@escrow.com.avst.email and the emails claim to be protected by AVAST! security software.

I was informed by someone who became curious, and started receiving some hilarious emails from "escrow.com":

 

[Furquan]

Thanks for reporting

 

[biggie]

Hi Sir

Thanks for reporting this.

it is imperative to "read" each word in such emails.

sentences like : "The transaction has only be initiated on Escrow.com" are improper.
and Escrow would not write such sentences.

imo....

 

[decades80]

Thank you for reporting this. I also think that 99.9% of the receivers of this email check the web address from which the email was sent out and domainers easily spot sub domains. Anyway thanks for being vigilant.

 

[GoKaizen]

...

 

[BaileyUK]

It is only the most gullible that would fall for this kind of bogus email and unfortunately they are the same people that would fall for just about any fraud.

The interesting part for me is just how many spoof offers must be preceding this payment scam. As xynames and myself have pointed out they are certainly on the rise. Bit of due diligence and you can normally nip them in the bud at the offer stage. So of course these so-called offers always originate through direct email and never through the regular sales channels. I note there seems to be a few requests for appraisals appearing on NP's that appear to follow this direct contact method. Hope they take the time to read this warning.

 

[VivifyDomains]

Escrow has some guidance around this topic on their website as well:

https://www.escrow.com/what-is-escrow/fraud-prevention

 

[HotKey]

I was looking for something on Gobble recently, and in a moment of frenzied clicking clicked a result without actually looking at the source url and suddenly my computer screen went hazard and OMG call this number to recover your PC. It wouldn't let me close the page and crazy sounds were strumming my pain with it's fingers.

I reached around to the back of the computer and pressed the off switch, then turned it back on. All good. Hopefully there's no keylogger installed now, but whatevs it's only my personal data.

Moral of the story is, click with caution. Hover over, inspect the source or simply use your noggin. Most wolves are discoverable at a glance. When in doubt, bypass the email or url and log in directly from your trusted bookmark/source, all will be revealed.

 

[BaileyUK]

That's what you get for visiting questionable sites. Must admit Windows is now very good at taking a power off and recovery option (A recovery which you don't want) In the early days that would have left you with a corrupt hard-drive and all the pain that goes with it.

Remembering the old days when Software companies made a fortune selling mirror catch software by date and even time to recover you from all that porn that suddenly flooded the early internet. Not to mention the kids possibly checking your history files.