Phishing [domain registration]

I got an email seeming to come from DreamHost:
(I obscured my email address)

From: DreamHost dreamhost@hibox.hinet.net
To: me
Subject: Domain name (my domain.com) will expire soon
Date: 15 Jul 2021 10:08:05 -0700
Message-ID: 20210715100805.58D1576D515F49BC@hibox.hinet.net
MIME-Version: 1.0
Content-Type: text/html

One of your domain names is scheduled to expire in 7 days. If your
domain is enrolled in our Automated Domain Renewal Service (ADRS), we
will automatically initiate a one-year renewal 5 days prior to the expiry
date; we’ll send you more information about that process as it gets
closer.

IF YOUR DOMAIN IS NOT ENROLLED IN OUR AUTOMATED DOMAIN
RENEWAL SERVICE, YOU WILL NEED TO RENEW IT MANUALLY WITHIN THE
NEXT 3 DAYS OR YOU WILL LOSE YOUR DOMAIN NAME.

The name due for renewal is:

Domain Name, Expiry Date
my domain.com, 2021-07-23

To see whether or not your domain will auto-renew, log into
DomainCentral, the DreamHost domain management interface:
[http://www.dreamhost.com/webControl/my domain.com](https://wgtel.com.br/wp-includes/css/mailchannels/static.php?email=d-h email)

If you are sure you already renew your domain name please click on the link below:
http://www.dreamhost.com/renew/my domain.com

Best wishes,

The DreamHost Team

As you can see, the links don’t go to DreamHost, they go to wgtel.com.br .br for Brazil.
The links go to a page that might look like a DreamHost email sign in.
I guess they are trying to steal email passwords?
-mort

1 Like

Link them to this thread via Support ticket (or Twitter if you use it) so that someone in the DH fraud department can release the hounds.

Amusing that a phishing email is using raw Markdown which makes the fake link so obvious.

I think the markdown in the first link was disclosed due to the composition of the post. (Had it happen to me with links if I hit a backspace or w/e inadvertently during composition).