"If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — #DomainNetworks — and some clues about who may be behind it."

This was more fun than I thought I'd have reporting it out.

https://krebsonsecurity.com/2023/07/whos-behind-the-domainnetworks-snail-mail-scam/

Who’s Behind the DomainNetworks Snail Mail Scam? – Krebs on Security

BTW the idea for this story came from a toot from @jgordon. I love tracking this stuff down, so thanks again, John!
@briankrebs Have not seen one of those in a very long time. Thought they had gone the way of the dodo. 😡
@jbhall56 @briankrebs
Ditto. Thing is companies often see an invoice and just put it on the 'to be paid' pile without checking it fully.
@briankrebs Note that it does not happen for all domain names, only those registered with a registry that distributes user data.
@bortzmeyer yeah it's a scam mostly perpetrated against US domain holders, but there are virtual versions of this scam targeting Europeans
@briankrebs Yes, it does not seem targeted against a specific side of the Atlantic ocean but against some TLDs. (It requires access to user data, after all, and its availability depends on the TLD.)
@bortzmeyer Ah, right. Bear in mind that these scams often rely on outdated information, so you can get these scam notices even if it was for a domain you registered years ago, before everyone started restricting access to whois data.

@briankrebs @bortzmeyer

The exact same thing happens all the time if you ever file for a patent. Scammers pull publicly available information for fake payment due notices.

@robhon @briankrebs @bortzmeyer
I registered a UK Limited Company some years back. (In the end, it never traded and was deleted.) I could have filled the bin with the amount of post I got offering me various services. They were mostly financial... "free" (for five minutes) business bank accounts, merchant services, credit cards, etc.
@briankrebs and here, I've always thought these were a roundabout scam by GoDaddy and other registrars to get domain owners to pay for their "privacy" services
@briankrebs Great read! Appreciate the thoroughness of your deep dive here, it's interesting the amount of small breadcrumbs out there that can paint the bigger picture

@briankrebs
Unfortunately this is just a common scam targeting businesses more than individuals. It's more likely to get in front of someone processing bills at a company that has no idea what goes on.

Another form of mail scam targeting businesses is scammers mailing fake "government official" looking letters asking you to pay up for OSHA posters or Department of State copies of your incorporation and other nonsense. It's ridiculous how it's not cracked down upon.

@mroszko I love tracking this stuff down, so if you're aware of more examples please send them my way. Thanks!
@briankrebs
I'll see if I can dig up any photos of the letters. At least in NYS, the moment you incorporate an LLC, you get targeted because the state publishes the incorporations somewhere. I don't have said LLC anymore unfortunately otherwise I would still be receiving said scam mail.
@briankrebs OMG wait until you register an LLC in the United States.. endless scams
@codemonkeymike @briankrebs Or buy a house. Or anything else that puts your information into a public registry...
@briankrebs 10ish years ago I received a similar scam letter from "Domain Registry Of America" that looked much more sinister and had a smaller "this is not a bill" escape hatch. My reply to them was a cease and desist letter and never heard from them since. Over the years, all my domains (and new ones) now live with @njalla
@briankrebs I use a privacy service to hide my DNS details but I wish it weren't necessary to even do that.
@briankrebs I get them via email these days, usually a couple a year. I deal with them like any bill: if it's not from a company I do business with for whatever is in the bill, it goes in the pile to be shredded and dumped in the recycling bin.
@briankrebs Damn, that scam's been going on since before the turn of the century!
@briankrebs Brian, I've received emails about the fact my domain was to expire, a ridiculous cost, and saying I had so long to complete it. Problem was, the domain wasn't to be renewed for some time, and when looking at the web site, it said it was $175 or something when I pay $10-$15 for the renewal. I've gotten several for jaredrimer.net through the years. I'll have to read your story, but just replying to your post because while you talk about mailings in the mail, I've seen the same. My provider has said it was spam when sending them a copy of said email.

@briankrebs

#domainnetworks
I've not had one of these in a very long time. Surprised it's not the same gang that used to run "Domain Registry Of America" back in the 90s/00s.

They used to send prepaid air mail return envelopes, used to fill them up with the contents of all the junk mail out of the bin and send them back. 

@briankrebs FaughnanCOM DBU31841 is that censored?
@iceCalt idk I didn't post this image or censor it.
@briankrebs the great things about being poor and having a crippling anxiety when it came to paying big bills like this most of my life is that I could never afford to send a check to scams like this. Now that I don't have that same crippling anxiety and I know more about the scams, and I have a decent wage, I am very protective of my finances and am super careful before I spend a single dime on anything.
@briankrebs I am not sure if they are still operating, but we had one here in Canada that went by the name Domain Registry of Canada which made their letters look somewhat like official government documents. It was an incredible scam that I had clients fall prey to. #scams #domains #tech
@briankrebs have you ever registered for a trademark? The amount of scam letters on the back of that is totally crazy.
@briankrebs oh groovy! I got one of these just a few days ago.
@briankrebs what has astonished me over twenty years of this, is that the TLD operators know exactly who is doing this, and they seem unwilling to take any action. I even asked twice at CIRA AGMs.
@briankrebs These scams are just for large companies. Send it in hopes that it goes to a faceless Accounts Payable department who mistakes it for domain registration and pays up.
@travis @briankrebs Nope. They send them to small biz operators too.
@Catawu @briankrebs Yes, they’re not combing through WHOIS and picking large businesses out. They’re throwing a pot of spaghetti at the wall. And sadly, more spaghetti sticks to the wall otherwise they wouldn’t keep doing this.
@briankrebs As it happens, I live in Renton, WA. If you have the address of their office there, I'd be happy to drop by it and see what's actually there.
@briankrebs
That's one of the many reasons I suggest Tigertech as a hosting company to everyone who asks me. They include your domain renewal, and everything else, in *one* bill you either pay monthly or annually. You never have to question whether a charge is real, because if it's not directly from TT, it's fake.
@briankrebs At one point when I was younger and more juvenile, I owned worldwidevagina dot com. It was funny getting snail mail addressed to that domain.
@briankrebs I got one of those from Verisign DBA Network bloody Solutions. Domain transfer disguised as a renewal.
@briankrebs awesome! Yeah I got tons of those in my IT life. Let’s see where you ended up, quite curious about this.

@briankrebs

Even before I started paying the privacy protection tax, I found that using out-of-date contact info on my domains prevented this sort of junk mail. ICANN doesn't seem to care, at least for less popular domains.

Hey @briankrebs thanks for spreading the word, domainnetworks\.com are now not only flagged as scam, but Phishing as well.

Reason for phishing, Requesting for CC + CWS info in letter form, that is just one too fishy for me. Related issue to comment / review https://0xacab.org/my-privacy-dns/matrix/-/issues/640572