This week I started noticing a large-scale phishing attack against enom user accounts.
Emails are being randomly sent to common (e.g. sales@, info@, admin@ etc), dictionary and to randomly-gener ated addresses, and so will be received by a lot of people without ENOM accounts, including YNot Web customers. The mails are very well-written and look very legitimate. The first one I received left me scratching my head as I thought “but I have NO enom accounts.” I’d mostly expect some confusion and some slight panic as the messages are warning of downtimes as well as “complaints” against you for inaccurate whois information.
The emails seen so far use subjects like the below (click for full letters that we have gathered):
-
Inaccurate whois information.
-
Warning: Inaccurate whois information.
-
Your domain must be deleted today
The “from” addresses are randomly selected and may include:
- support@enom.com
- info@enom.com
- info2@enom.com
- customercare@enom.com
- tech@enom.com
The emails sent vary from merely mentioning maintenance and including an account login link, to enticing clicks by saying that your domain has been suspended unless you login and verify data. Links will take you to a non-enom site such as enom.comsys52.net which will store a person’s logon details for later exploitation.
If you receive such a message, DELETE it. If you happen to be an ENOM user and have clicked on a link in one of these messages and entered account details(even if you weren’t sure if you were an ENOM user and you entered ANY account information) , you have unwittingly compromised your accounts. Immediately change your login information to your ENOM account and contact ENOM to inform them that you have been the victim of a phishing attack.