ryan29
Hi. This isn't a question about buying or selling, so I hope it's ok.
Is there anything I can do about a domain that was registered to impersonate an existing domain? Someone recently registered the domain of a local business that I know and is using it to (attempt to) commit fraud. The bad actor compromised one of the business's email accounts not too long ago and did the following:
- They registered a lookalike domain. Think `example.com` instead of `examples.com`.
- They selected a message chain with an invoice and payment instructions.
- They replied to the message chain using the fake domain to impersonate all the users involved.
- They asked the recipient to update bank account info for a large payment (>$100,000).
- They set up some odd forwarding from a 3rd domain and triggered a large volume of bounced messages that were forwarded to the impersonated business's users. This was done on a Friday. I assume the intent was to bury the users in junk mail to reduce the odds of them catching the fraud. I'm guessing the address used for this is a compromised account.
- The registrar (`onamae.com`) doesn't appear to be English speaking, so I'm going to have a tough time communicating with them. I think they're in Japan, but I'm not sure.
- I think the DNS is hosted in Lithuania (`monovm.com/`).
- I can't figure out who hosts the email. The MX records are for `us2.mx1.mailhostbox.com`, etc. which redirects to an American company (`newfold.com/`) that owns a bunch of hosting providers.
Can I ask ICANN to do anything or do I need to ask the registrar first? Is there any point in trying to contact the DNS or email host since it's trivial for the fraudster to move the domain to new hosts if they get banned from the existing ones?
Is there anything else I should be aware of or watch out for?
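The lookalike-domain step in the post above (`example.com` standing in for `examples.com`) is the part a mail filter can catch mechanically. The script below is an added example, not code from the original post or from any of the providers named in it: it takes a hypothetical list of trusted domains, normalises common look-alike character substitutions, and flags any sender whose domain is within a couple of edits of a trusted domain without being that domain. The `From:` headers it scans are constructed for the demonstration.

```python
"""Flag e-mail senders whose domain is a near-miss of a trusted domain.

Added example for lookalike-domain (BEC) detection. The trusted-domain list
and the From: headers below are hypothetical / constructed sample data.
"""
import re
from typing import Iterable, List, Optional, Set, Tuple

# Hypothetical trusted list: the organisation's own domains plus those of
# regular counterparties (customers, vendors, banks) whose invoices it pays.
TRUSTED_DOMAINS: Set[str] = {"examples.com"}

# Character sequences that render alike in common fonts. Normalising both
# sides before comparison makes "exarnples.com" or "examp1es.com" score as
# close to "examples.com" as a single dropped letter does.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}

# Captures "user@domain" (optionally inside angle brackets) at the end of a
# From: header; group 2 is the domain part.
_ADDR_RE = re.compile(r"<?([\w.+-]+@([\w-]+(?:\.[\w-]+)+))>?\s*$")


def normalise(domain: str) -> str:
    """Lower-case and collapse confusable sequences before comparing."""
    d = domain.lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_address(from_header: str) -> Optional[Tuple[str, str]]:
    """Return (address, domain) from a From: header, or None if unparseable."""
    m = _ADDR_RE.search(from_header)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).lower()


def closest_trusted(domain: str, trusted: Set[str],
                    max_distance: int) -> Optional[Tuple[str, int]]:
    """Nearest trusted domain within max_distance (after normalisation).

    An exact match to a trusted domain is legitimate mail and returns None;
    a near-miss returns (trusted_domain, normalised_distance).
    """
    if domain in trusted:
        return None
    best: Optional[Tuple[str, int]] = None
    nd = normalise(domain)
    for t in trusted:
        dist = edit_distance(nd, normalise(t))
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (t, dist)
    return best


def find_lookalikes(from_headers: Iterable[str],
                    trusted: Set[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Return (sender, impersonated_trusted_domain, distance) for each hit."""
    hits: List[Tuple[str, str, int]] = []
    for header in from_headers:
        parsed = sender_address(header)
        if parsed is None:
            continue
        addr, domain = parsed
        match = closest_trusted(domain, trusted, max_distance)
        if match is not None:
            hits.append((addr, match[0], match[1]))
    return hits


# Constructed sample headers: one genuine sender, two lookalikes, one unrelated.
CONSTRUCTED_HEADERS = [
    "From: Alice Accounts <alice@examples.com>",
    "From: Alice Accounts <alice@example.com>",
    "From: Alice Accounts <alice@exarnples.com>",
    "From: Bob Vendor <bob@unrelated-vendor.net>",
]

if __name__ == "__main__":
    for addr, impersonated, dist in find_lookalikes(CONSTRUCTED_HEADERS):
        print(f"LOOKALIKE {addr}: {dist} edit(s) from trusted domain {impersonated}")
```

A distance of 0 in the output means the domain differs from a trusted one only by a confusable substitution (here `rn` for `m`), which is the strongest signal of deliberate impersonation. In a real deployment the same check is worth running on `Reply-To:` as well as `From:`, since the thread-hijack described above works by getting the recipient to answer the attacker's address.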