SSAC Advisory on Registrar Impersonation Phishing Attacks

This paper describes a form of phishing attack that targets domain name registrants. The attacker impersonates a domain name registrar and sends an expected or anticipated correspondence to a registrar's customer (a registrant) regarding a domain name related matter. Examples of expected correspondence include a notice of pending expiration of a domain name registration, a promotional email, a notice informing the registrant of an account management issue, or generally, any correspondence that requires or encourages a customer's immediate attention. The correspondence, however, is bogus. The phisher creates a web site that is deceptively similar to the registrar's site to induce the customer into accessing his domain management account and unwittingly disclose his account credentials to the phisher.