Warning: Phishing Email pretending to be from Dreamhost (Domain Abuse)


Just in case anyone else gets it, I’ve just had a phishing email purporting to be from Dreamhost:

Domain *******.COM Suspension Notice

(sender address forged to be domain-abuse@dreamhost.com.org)

Dear Sir/Madam,

The following domain names have been suspended for violation of the DREAMHOST Abuse Policy:

Domain Name: *******.COM
Registrar: DREAMHOST

Multiple warnings were sent by DREAMHOST Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Spam and Abuse Department
Abuse Department Hotline: 480-678-6671

The domain they gave (I’ve redacted it above) was one I host with Dreamhost so I found it pretty realistic. But the clickable link is to a page on aldc.com.au. Do not click it if you get an email like this!

More info on this phishing email here: http://domainnamewire.com/2015/10/26/warning-domain-name-phishing-email-blast-going-on-right-now/

Thanks for the heads-up! (On a not-quite-related note, we just got the “Richard Parker” telephone scam today. Apparently, it’s the day for scams.)

I just received the same email…

The email was addressed to <mydomain.com>@PROXY.DREAMHOST.COM so it came through to the email account that I have registered with Dreamhost.

The hyperlink in the email is to a website rarity.digital-eve dot com with a php file and the parameter being your domain name.

Upon clicking the link it redirects and asks you to open a .scr file. (I didn’t save it, of course; it is probably a virus.)

The source of the email:
IP Address
Location: Indonesia, Kalimantan Selatan, Banjarmasin
Latitude & Longitude: -3.324420, 114.591000 (3°19’28"S 114°35’28"E)
ISP: PT Telkom Indonesia
Local Time: 28 Oct, 2015 03:07 PM (UTC +08:00)
Domain: telkom.co.id
Net Speed: (DSL) Broadband/Cable/Fiber
IDD & Area Code: (62) 0511
ZIP Code: 70113
Weather Station: Banjarmasin (IDXX0009)
Mobile Country Code (MCC): 510
Mobile Network Code (MNC): 10
Carrier Name: Telkomsel
Elevation: 9m
Usage Type: (ISP) Fixed Line ISP, (MOB) Mobile ISP
Anonymous Proxy: No
Shortcut: http://www.ip2location.com/

There are some funny videos on YouTube dealing with phone scammers. ;) Hate those guys!

Cheers for the info. This one seems really common at the moment. And from info at that other link, they are working their way through the alphabet of domain names! Wonder if your domain began with F, G, H’ish? Mine started with F so expecting my other domains to come up soon.

I got two of those today, each for a different one of my domains. The hyperlink within each one is to a different domain. I didn’t bother clicking over to see what’s on them.

I got a version of this email last night. The really funny thing in my case was that the domain name was misspelled in the subject line of the email.
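The two tells reported in this thread (a sender domain that merely embeds the provider's name, and a link whose host is not the provider's and which carries your own domain as a parameter) can be checked mechanically. The following is an added example, not code from any poster or from Dreamhost; the sample message is constructed, `example.com` and `phish.example` are placeholders, and `triage` and its finding labels are hypothetical names.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "dreamhost.com"  # domain the message claims to come from
# Constructed sample modelled on the email quoted in the thread; example.com and
# phish.example are placeholders for the redacted domain and the link host.
SAMPLE = """\
From: DreamHost <domain-abuse@dreamhost.com.org>
To: example.com@proxy.dreamhost.com
Subject: Domain EXAMPLE.COM Suspension Notice
Content-Type: text/html; charset=utf-8

<p>The following domain names have been suspended.</p>
<p><a href="http://phish.example/abuse.php?d=example.com">Click here</a></p>
"""

class _Links(HTMLParser):  # collects href values of <a> tags
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _is_brand(host):
    host = host.lower().rstrip(".")
    return host == BRAND or host.endswith("." + BRAND)

def triage(raw, customer_domain):
    """Return findings for sender and link hosts that are not under BRAND."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not _is_brand(sender):  # e.g. dreamhost.com.org embeds the brand label
        kind = "lookalike" if BRAND.split(".")[0] in sender else "unrelated"
        findings.append(f"sender:{kind}:{sender}")
    body = msg.get_body(preferencelist=("html", "plain"))
    links = _Links()
    links.feed(body.get_content() if body else "")
    for href in links.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if not _is_brand(host):
            findings.append(f"link:off-brand:{host}")
            if customer_domain.lower() in f"{url.path}?{url.query}".lower():
                findings.append(f"link:carries-domain:{host}")
    return findings
```

A From header forged to the exact provider domain would pass the sender check, so this complements SPF/DKIM/DMARC results rather than replacing them.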