Real example of Domain Scam and Phishing

This morning I received the following email:

The domain name example.org is about to expire 2009-09-28.

If you wish to continue using your domain name please click on the link below.

Click here to renew. ——–> http://www.domainrenewal-online.org/for.php?d=example.org

Once the payment has been completed the above mentioned domain name will automatically be renewed and a conformation will be sent.

Additional information

ISPRenewal consults companies about their ownership of domain names on the internet. We supply information to companies about to their domain portfolios, administer domain addresses and when a domain name is due to expire we inform businesses that it is time to renew a domain name. If you wish to assign ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider. You may also request your resent Domain Service Provider to extend your domain. If you have any enquiries, do not hesitate to contact our customer service center at +44(0)20 33 55 4951 visit us on the web.

Off course, I changed the original domain name. Instead example.org the email included a real domain name I actually own.

This email is a real example of a kind of phishing and domain scam. When you enter the fake renewal interface, you are asked to provide personal details and credit card information to finalize the purchase. In this way the attacker might obtain your credit card information and use your personal details to gain the property of the domain.

Usually they try to use the same register date, but of course they tend to "adjust" it so that it will expire just now. In this way you are prone to immediate renewal.

This is the first time I receive such this email and, at first glance, my reaction was: WTF, I forgot to renew one of my domains?!? It could happen, I have more than 100 active domains! I immediately checked the real expiration, then I noticed the email was coming from a different registrar and the fraud started to became apparent.