Software

The Chinese Domain Scam

If you have any domain names registered, you should keep an eye out for the Chinese Domain Scam, a ploy based on fear of domain-name squatting.

I received an email that, judging by the set-up, can only be one thing: the bait for a type of scam I have not seen before.

We have all heard about domain squatters, who register domains they think someone else might want some day just so they can sell them off for much higher than the going rate for domain registration and make a tidy profit. There have even been cases where large corporations have played upon our fear of domain squatters to snatch public relations coups from the jaws of public condemnation.

It appears that a new class (new to me, at least) of scam targeting the fear of domain squatters has arisen. In this attempt to con you out of your hard-earned money, you receive an email that claims someone is trying to register domain names that will either be sold to you later at exorbitant prices if you want them or used to create brand confusion, stealing your customers. Hints at violating, or even "stealing", your trademarks may be woven into the broken English in this alarming email.

The email I received (with the names changed -- to "Foo" and "Bar" for the outside entities, and "example" for my own domain names, to protect the guilty) looked like this:

We are Shanghai Foo Network Information Technology Co.,which is the domain name register center in China.I have something need to confirm with you.

We have received an application formally.one company named "Bar (China) Investment Co." applies for the domain names(www.example.cn www.example.com.cn etc.),and the Internet keyword(example) on the internet September 17,2009.We need to know the opinion of your company because the domain names and keyword may relate to the copyright of brand name on internet.

we would like to get the affirmation of your company,please contact us by telephone or email as soon as possible.

I am not the only target of this scam so far. After doing a little searching on the Internet for more information about this kind of email, I stumbled across an account of Chinese Domain Name Fraud. Another account of this sort of scam is described at Firetrust, in Domain name scams. The domain name for the scammer who sent me the above email is included in Firetrust's list of domains that should not be trusted, though even if it wasn't I would know to avoid responding to an email like this.

Don't respond to these emails. Their aim is to try to convince you to register a lot of domain names you don't need, of course. Even if you break off contact before you get to the point of sending any money, though, responding at all confirms that yours is a good email address and that you might be inclined to respond to such contact in the future. You may get yourself on a phisher's or scammer's email address list, being sold to the highest bidder in one of the lowest trades on the Internet.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

39 comments
Maaaaaaaaaaan
Maaaaaaaaaaan

Also received email from Benson Lee (verify@dms-ltd.org.cn) 



From: From: "Benson Lee"<verify@dms-ltd.org.cn>

Subject: "xxxxxxxxxxxxx"



Message: 
(It's very urgent, Please transfer this email to your CEO or appropriate person, thanks) 
Dear CEO, 
We are the institution for registration service in the People's Republic of China.We formally received an application on January 6th, 2014 that a company claimed ''DERT Intl. Ltd" were applying to register"xxxxxxxxxxxxx"as their Brand name and some "xxxxxxxxxxxxx" domain names through us.
Now we are handling this registration, and after our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we would finish the registration at once. If you did not authorize, please let us know within 5 workdays, so that we could handle this issue better. After the deadline we will unconditionally finish the registration for DERT Intl. Ltd.
Looking forward to your prompt reply.

Best Regards,
Benson Lee
Tel:+86.551-6349-5334
Fax:+86.551-6349-5344
Address:Tai Hu Lu 15 Hefei, Anhui, China</verify@dms-ltd.org.cn>

buythiscomputer
buythiscomputer

Hello and thank you Thanks for reporting, these axxholes also contacted me !

highlander718
highlander718

there is nothing illegal in what they are trying to do. We received 2 of these e-mails and out of curiosity we did a little IP/domain research on the sender. They actually seem to be valid companies, if you want to reserve your domain name through them, there is nothing illegal in it. What I heard is that they intentionally target CEO's and eventualy manage to sell them domain names for hundreds of USD's (what's that for an enterprise?). Now, we all know what a domain name costs these days ...

sltan
sltan

This is the email that I got archived. It was sent to my company email address. I have changed our company name and email address to "abc" : ----- Original Message ----- From: annie.li To: abc Sent: Friday, March 13, 2009 11:30 AM Subject: NOTICE to ABC Mar 13, 2009 ABC Domain name & Internet keyword Dear sir/madam, We are Hong Kong Network Service Company Limited which is the domain name register center in Asia. We received a formal application from a company who is applying to register ?abc? as their domain name and Internet keyword on Mar 12, 2009.Since after our investigation we found that this word has been in use by your company, and this may involve your company name or trade mark, so we inform you in no time. If you consider these domain names and Internet Keyword are important to you and it is necessary to protect them by registering them first, contact us soon. Thanks for your co-operation and support. Kind Regards, Annie Li Hong Kong Network Service Company Limited Tel: +852-317 579 31(ext8013) Fax: +852- 317 579 32 Email: annie.li@hk-nsc.hk website: www.hknsc.hk

Gis Bun
Gis Bun

I've been [luckily] seeing less and less of this crap. Very rare actually. I guess my ISP does a good job in filtering. Here's my comments on this crap..... Anyone who's been in the IT field for a while and falls for one of these scams shouldn't be in IT. Of course those who are not computer experts should be taught. I send out messages regularly to friends and family regarding new scams and malware - unfortunately not all of them read it. [as I discovered]. :-) Some of these scams are really a joke. Bad spelling. Bad punctuation. Broken English. Reply address to a gmail or Hotmail account. Very few are even look professional.

doug
doug

I got hit with that email a week or so back. Besides the fact that it seemed like a scam from the start, it was weird because it was sent to my personal work email address. The only email address listed on our site is the "sales" address. So any real inquiry should have gone there. Do these guys have their scams on a rotation? Seems like every week it's something different. This week it's "enhancement" products, then it's the free junk I have won. I've "won" the lottery in every major country in the world, apparently. haha Where can you go to report the scam emails. I read about other people reporting them. Does anyone know the site or sites?

jon_iz
jon_iz

It proved useful to me - I realised we hadn't registered the German Domain for our company, so i promptly registered it.... Otherwise these messages just go in the bin.

santeewelding
santeewelding

Can you even imagine anyone wishing to sidle up that close to me? More like they would run screaming.

shanse3
shanse3

Our company got hit with this a while back. I got an official looking email from a domain registry company located in China claiming that someone was trying to register a bunch of variations of our domain name. She claimed that she was being kind and offering us first chance at these before someone else took them. Whenever I get an email like this, I ask myself "What's in it for them?" If they have a guaranteed sale through someone else who wants to buy variations of our domain, why would they waste their time trying to get the same amount of money from us? It didn't make business sense at all. On top of that, we have an uncommon domain name (mrc-productivity.com), and I just couldn't imagine that anyone really wanted to squat on that. We chose to ignore her emails. Nobody ever registered those domains.

CharlieSpencer
CharlieSpencer

Reminds me of the snail mail I get warning me the warranty on my car is about to expire.

apotheon
apotheon

Forewarned is forearmed, they say. Have you gotten hit with this scam? What about other scams, aside from the usual "Saddam Hussein's Gold" and Nigerian scams?

ICH555
ICH555

Last year I had a telephone call from someone claiming to work for a UK registration authority. They said that someone who they believed to be a disgruntled ex-employee was attempting to register a number of domains very similar to ones that we had registered, and was going to attempt to steal our customers, by pretending to be us. the caller was a charming young lady. She mentioned that this person would be spending in the order of ?1000 with them. They had originally called the MD who put them through to me. I declined to perform any protective registration and told the called that If anybody tried to pass themselves off as us, we would use the full force of English law to stop them. The MD and I agreed it was a scam call. Apart from anything else, you would not tell a registrar that you were registering a domain to perform an illegal act!

rclark
rclark

They actually do have a fraud monitoring division. Then one day I got an email back from the FBI telling me to cut it out. My emails were junking up their filters requiring eyes on each, and they knew about the garden variety emails already. So I don't send them in any more. The odds are that if you regularly send in all you get, the only thing you will get is a ticked off agent on the recieving end. So if it's unusually creative, you might want to send it in. If it is a standard come on like the ones posted, you could post it online, but I wouldn't bother Homeland Security with it. By the way. According to my sources, this post has about 99% chance of being seen by an eyeball in washington because of the keywords in it.

jon_iz
jon_iz

I used a German registrar against our German office address...

apotheon
apotheon

In my experience, you're actually not bad company, in person.

NickNielsen
NickNielsen

not to get too close without leathers... ;)

RookieTech
RookieTech

Damn Mongolians breakin down my City Wall (Quote From South Park) lol ;0

drumbeat
drumbeat

and replied to it. However, we did NOT send any money and after 2 replies stopped contact. I did not get any more "offers" from them. As to getting on spam lists, I already receive a lot of spam at my email address, so I don't even notice a few more.

The 'G-Man.'
The 'G-Man.'

I ordered black bean and they delivered sweet and sour. Come on people!

seanferd
seanferd

Someone had a question as to whether this "domain notification" was legitimate or not. I've not turned it up in a search yet, but the concept was the same. Good of you to get this information out there.

RookieTech
RookieTech

yea that is messed up goes to show you how much money corrupts people

dg.itpro
dg.itpro

Several months ago for a previous employer. There were repeated emails, right along the lines of someone trying to register the company?s name over seas and if quick action was not taken we could loose those domains, plus the ones here in the US. A quick investigation of the sender of the email and the registrar company claiming to be contacting us led us to take note, and delete these emails.

gothicgeek77
gothicgeek77

I received the almost same exact email about a month ago, form the Mitsubishi, Samurai and Ninjitsu, among others. I thought it was kind of hilarious to read. I truly got a kick out of it. I just hope that this information gets around fast enough so that the people who don't know about this scam aren't taken advantage of.

gothicgeek77
gothicgeek77

I received the almost same exact email about a month ago, form the Mitsubishi, Samuraiand Ninjitsu, among others. I thought it was kind of hilarious to read. I truly got a kick out of it. I just hope that this information gets around fast enough so that the people who don't know about this scam aren't taken advantage of.

rclark
rclark

Anti-Terrorist And Monetory Crimes Division FBI Headquarters In Washington, D.C. Federal Bureau Of Investigation J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 Website: www.fbi.gov Telephone Number : (206) 973-2572 Attn: Beneficiary, This is to Officially inform you that it has come to our notice and we have thoroughly completed an Investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $800,000.00 USD from a Lottery Company outside the United States of America. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be paid to you via a Certified Cashier's Check. Normally, it will take up to 10 business days for an International Check to be cashed by your local bank. We have successfully notified this company on your behalf that funds are to be drawn from a registered bank within the United States Of America so as to enable you cash the check instantly without any delay, henceforth the stated amount of $800,000.00 USD has been deposited with National Citi Bank We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Safe and 100% risk free, due to the fact that the funds have been deposited at National Citi Bank you will be required to settle the following bills directly to the Lottery Agent in-charge of this transaction whom is located in Lagos, Nigeria. According to our discoveries, you were required to pay for the following - (1) Deposit Fee's ( Fee's paid by the company for the deposit into an American Bank which is - National Citi Bank ) (2) Cashier's Check Conversion Fee ( Fee for converting the Wire Transfer payment into a Certified Cashier's Check ) (3) Shipping Fee's ( This is the charge for shipping the Cashier's Check to your home address ) The total amount for everything is $350.00 (Three Hundred And Firty-US Dollars). We have tried our possible best to indicate that this $350.00 should be deducted from your winning prize but we found out that the funds have already been deposited at National Citi Bank and cannot be accessed by anyone apart from you the winner, therefore you will be required to pay the required fee's to the Agent in-charge of this transaction via Western Union Money Transfer Or Money Gram. In order to proceed with this transaction, you will be required to contact the agent in-charge ( Mr. Ocho Ebi ) via e-mail. Kindly look below to find appropriate contact information: CONTACT AGENT NAME: MR. OCHO EBI E-MAIL ADDRESS: onlineballotsystem@onlinedstv.com Telephone Number : +234-802-673-0594 You will be required to e-mail him with the following information: FULL NAME: ADDRESS: CITY: STATE: ZIP CODE: DIRECT CONTACT NUMBER: MONTHLY INCOME: CURRENT OCCUPATION: AGE: Attached below is a confirmation letter of guarantee from the FBI board of directors and staffs. You will also be required to request Western Union or Money Gram details on how to send the required $350.00 in order to immediately ship your prize of $800,000.00 USD via Certified Cashier's Check drawn from National Citi Bank, also include the following transaction code in order for him to immediately identify this transaction : EA2948-910. This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $350.00 ONLY to Mr. Ocho Ebi via information in which he shall send to you, if you do not receive your winning prize of $800,000.00 we shall be held responsible for the loss and this shall invite a penalty of $3,000 which will be made PAYABLE ONLY to you (The Winner). Mr. Bill Nicholson Special Agent. Washington DC FBI. Room, 7367 J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 www.washingtondc.fbi.gov@live.com Please find below an authorized signature which has been signed by the FBI Director- Robert Mueller, also below is the FBI NSB (National Security Branch Seal) NOTE: In order to ensure your check gets delivered to you ASAP, you are advised to immediately contact Mr. Ocho Ebi via contact information provided above and make the required payment of $350.00 to information in which he shall provide to you.

rclark
rclark

We in the US are a little arrogant about our language. We share it with so many people that we pretty much accept anything as ok except in formal communications. At that point, we pretty much demand exactitude that third world gangsters rarely match. Reading James? email, there are several tense and plurality problems that show this is probably an Asian author. But this one is close. They put effort into it. Reading it straight only pinged a couple of times on my crook radar. I got one the other day with a senders address of FBI.gov. That one was for winning the email lottery in Nigeria. They said they had already transferred the money to the FBI so I would need to get it from them, but could I please pay the lottery commission back for the processing cost of setting up my bank account and transferring the money into it? Total was only $350, and my payout was reportedly 800K so way good deal eh? The real problem is that they only have to snooker one or two people to make more than the yearly national average wage in their country.

don.gulledge
don.gulledge

The most deceptive email I've seen is the email informing you there has been activity on your PayPal account and PayPal wants you to check your account and make sure the activity is valid. They give you a link to click on that looks like a PayPal site but underneath is a fake website. The emails come in differing flavors, but some are so good and look just like PayPals emails that I've had several people send them to me and ask my advice before acting. Have to say that this one is the best one out there. Not like the Barrister Jones or Otawa Atta kind. No bad english or mispellings, no format give aways. Just honestly good con. Seen that for credit card accounts too, but they aren't as well done as the PayPal one.

JamesRL
JamesRL

Got this in my email from an address that looked valid until I read the headers. Attn: XXXXX Users. This is in conjunction with AT&T and all XXXXX Account Users.We are having congestions due to the anonymous registration of XXXXX accounts so we are shutting down some account and your account was among those to be deleted. We are sending you this email so that you can verify your account to enable us upgrade your account to avoid shutting it down permanently,verify to let us know if you still want to use this account.If you are still interested please confirm your account by filling the space below. Kindly Fill In Your Account Details Below * Username: (_______________________) * Password:(________________________) After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences. Warning!!! Account owner that refuses to update his/her account after three days of receiving this warning will lose his or her account permanently. Sincerely XXXXX Account Services ------------------------- Of course the fact they were too lazy to change AT&T(there is no AT&T in Canada anymore, they merged and renamed) to something appropriate was the first flag. Second flag, they already know my username, and they have no need of my password. My frustration is that I forwarded numerous copies of this to my ISP and they didn't reply. James

santeewelding
santeewelding

If Chad were of a mind to scam me thus, he wouldn't.

rick
rick

Gosh, there must be so much budget cutting at the FBI that even a Special Agent doesn't get his own office (he gets room 7367.)

stuart
stuart

Actually, if you send me just $300 I will do the leg work and get you the money. Here is my contact info: yaright@sendmethemoney.gotu I will save you $50 :)

gothicgeek77
gothicgeek77

I received one like this (unfortunately, it happened a while ago and can't find the copy I had) but it was the FBI stating that I had OWED $800,000.00 because I "got caught" scamming other people and I was going to be under arrest if I didn't return the money to the rightful owners. I got a real kick out of it, laughed my *** off, and them promptly sent it to the proper authorities with the full header information. Them I realized that I probably shouldn't laugh too much because there are still people out there who actually fall for this stuff.

OldER Mycroft
OldER Mycroft

I wouldn't wake up for less than a Million !! :^0

CharlieSpencer
CharlieSpencer

The surest sign that someone's phishing is an email from a firm you don't do business with.

apotheon
apotheon

Yeah, I've run into the PayPal phishing scheme too.