Another domain renewal scam courtesy of iGlobal Merchant Services.
Pertinent Details
- Domain - auibcu.com
- Company Name - iGlobal Merchant Services
- Contact - Customer Contact Manager, PO Box 4668 New York, NY 10163
- Contact # - 1-866-438-2434 (note: linked to similar scams)
As usual with these scams, the entities in question trawl and farm contact details from the WHOIS database, something that's against the WHOIS terms of service, but what does that really matter, when you can pay to have domain details hidden, right? Anywho... the link in the received emails holds a unique ID which takes the user to a page which looks suspiciously similar to one of PayPal's, and even if this were legit, the connection is not secure (no https://). The various logos on the page are for show only (they normally link directly back to the verification service for, you guessed it, verification purposes!).
Currently the domain, auibcu.com, is registered through moniker.com and privacy-protected; the associated IP is 220.164.140.243, which routes to China - ns.chinanet.cn.net (good luck with that). The payment page IP, 173.255.206.174, routes to linode.com (name.com is the registrar - not privacy protected). Obviously, these are pretty much just the hosting services and not necessarily the culprits at the center of the iGlobal Merchant Services domain renewal scam.
The email notice lists the domain name about to expire, with wording that implies the message is a legitimate way to renew. Note that the payment details are 'spoilered' (blacked out; the text has to be selected to make it visible). All links route to the same page, including unsubscribe.
"Domain: BLENDERJOBS.COM
To: [whois trawled contact]
Don't miss out on this offer which includes search engine submission for BLENDERJOBS.COM for 12 months. There is no obligation to pay for this order unless you complete your payment by Oct 26, 2012. Our services provide submission and search engine ranking for domain owners. This offer for submission services is not required to renew your domain registration.
Failure to complete your search engine registration by Oct 26, 2012 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web)."
The payment page is similar in appearance to PayPal payment pages. Billing details are trawled from WHOIS and displayed the same way they are shown there. Note that the verification badges are dummies and do not link back to the source for verification purposes.
The connection on auibcu.com is not secure. Account retrieval requires input of credit card details (which likely returns a 'contact page' even if legit).
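The link pattern noted above for the email (every link, unsubscribe included, leading to one plain-http URL carrying a unique ID) can be checked mechanically when triaging similar notices. This is an added example, not part of the original post; the function names, finding labels and the sample email (placeholder host and ID) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # the <a> currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def audit_email_links(html):
    """Return sorted finding names for the link pattern described in this post."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    links = [(h.strip(), t.strip().lower()) for h, t in parser.links if h.strip()]
    findings = set()
    # Every link, whatever its label, lands on one and the same URL.
    if len(links) > 1 and len({h for h, _ in links}) == 1:
        findings.add("all-links-same-target")
    other_targets = {h for h, t in links if "unsubscribe" not in t}
    for href, text in links:
        if urlsplit(href).scheme == "http":
            findings.add("plain-http-link")
        # An unsubscribe link that shares its URL with a non-unsubscribe link.
        if "unsubscribe" in text and href in other_targets:
            findings.add("unsubscribe-shares-target")
    return sorted(findings)

# Constructed sample: placeholder host and ID, not copied from the real email.
SAMPLE_EMAIL = """
<a href="http://renewal.example/order?id=PLACEHOLDER-ID">Process Payment</a>
<a href="http://renewal.example/order?id=PLACEHOLDER-ID">Secure Online Payment</a>
<a href="http://renewal.example/order?id=PLACEHOLDER-ID">Unsubscribe</a>
"""
print(audit_email_links(SAMPLE_EMAIL))
```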