IMPORTANT ALERT: Phishing scam that may affect your company domain names

Please be advised that shortly after 12 midnight ET today, June 24th, a phishing attack was launched by an unknown party against holders of domain names worldwide. If your company holds any domain names, it is likely that the person(s) listed as the administrative contact in the ownership record of the domain name (typically your company's domain name administrator or legal department) received an e-mail from a party posing as the governing authority of the domain name space, the Internet Corporation for Assigned Names and Numbers (ICANN). The e-mail would have come from icann@icannresolve.com with the subject line "ICANN - Domain Upgrade Notice" and would have directed them to click a link included in the e-mail and input sensitive domain name information by July 25th to avoid any disruption in service or connectivity. ICANN did not send this notice to domain name registrants; this is a classic example of a phishing attack.

We have been informed by ICANN that the website used to capture information as part of this attack has now been disabled and taken offline. Thus, the attack is no longer active. However, we strongly encourage you to immediately make your legal department aware of this situation. It is important for them to know that this threat did exist for a short period of time (1-4 hours) so they can take steps to determine whether any party within your organization acted upon the e-mail before the website was taken offline.
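As a first step in that determination, the following added example (not part of the original alert or any CSC tooling) scans exported messages for the sender address and subject line named above and lists who received them. It assumes the messages are available as raw RFC 5322 text; the sample messages and example.com addresses are constructed, and a match shows receipt only, not that information was submitted.

```python
from email import message_from_string
from email.utils import getaddresses

# Indicators taken from the alert text.
PHISH_SENDER = "icann@icannresolve.com"
PHISH_DOMAIN = "icannresolve.com"
PHISH_SUBJECT = "icann - domain upgrade notice"

def match_reasons(msg):
    """Return the list of alert indicators that a parsed message matches."""
    reasons = []
    # Check every header that can carry the sender identity, not just From.
    for header in ("From", "Reply-To", "Return-Path", "Sender"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            if addr == PHISH_SENDER:
                reasons.append(f"{header} is {PHISH_SENDER}")
            elif addr.rpartition("@")[2] == PHISH_DOMAIN:
                reasons.append(f"{header} uses domain {PHISH_DOMAIN}")
    # Normalise whitespace and case so folded or padded subjects still match.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if PHISH_SUBJECT in subject:
        reasons.append("subject matches alert")
    return reasons

def find_recipients(raw_messages):
    """Map each recipient address to the indicators seen in mail sent to it."""
    hits = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        reasons = match_reasons(msg)
        if not reasons:
            continue
        for _name, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
            hits.setdefault(addr.lower(), set()).update(reasons)
    return hits

# Constructed sample messages; the example.com addresses are placeholders.
SAMPLES = [
    "From: ICANN <icann@icannresolve.com>\nTo: hostmaster@example.com\n"
    "Subject: ICANN - Domain Upgrade Notice\n\nbody",
    "From: ICANN Support <notice@mail.example.net>\nReply-To: icann@icannresolve.com\n"
    "To: legal@example.com\nSubject: Re:  ICANN - Domain\n Upgrade Notice\n\nbody",
    "From: Registrar <billing@example.org>\nTo: hostmaster@example.com\n"
    "Subject: Renewal invoice\n\nbody",
]

if __name__ == "__main__":
    for rcpt, why in sorted(find_recipients(SAMPLES).items()):
        print(rcpt, "->", "; ".join(sorted(why)))
```

Recipients flagged this way are the people to ask whether they followed the link, and the accounts to prioritise for the registrar password change recommended below.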

RECOMMENDATIONS

  • If you or someone within your organization did provide information at the link provided within the e-mail, we strongly recommend that you contact your domain name registrar immediately to change your account logins/passwords and to confirm that your domain names are in a locked status.

  • CSC also strongly recommends that all companies that own domain names take this opportunity to review existing e-mail policies to ensure that guidance is provided to staff regarding how they should handle e-mail from unconfirmed sources. CSC advises that your policy include a statement that providing sensitive business information, such as logins and passwords, in response to e-mail requests is strictly prohibited. It is also advisable that you share or re-circulate this policy with staff immediately.

As an ICANN-accredited registrar and trusted partner of corporations and law firms worldwide for domain name management, trademark, brand protection and phishing services, CSC takes incidents such as this very seriously and is at the ready to assist you with any questions and concerns you may have about this situation. For more information or assistance, please call one of the numbers below, e-mail contactus@cscinfo.com or visit our website at www.cscglobal.com.

What is Phishing?
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
Source: Anti-Phishing Working Group (apwg.org)