ApostropheAtrophy.com

Bob Sakayama Exposes A Long Running Scam

If you've ever purchased a domain, it is very likely you've been targeted by this con.

The subject line in the email is "Domain Notice" or "Domain Service" or "Domain Notification" or "Domain Name Expiration Notice" or some similar misleading subject suggesting the message is related to the renewal of your domain name.

A quick read of the message will make you think that your domain registration is about to expire and you need to renew it immediately. Here's a sample notice:

 

 

Bogus urgency implied in the above:

"This letter is to inform you that it's time to send in your registration."

"Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web."

"This Notice for: YourDomain.com will expire at 11:59PM EST, 25 - Marc. - 2021 Act now!"

 

A careful read of the email reveals an intentionally obfuscated message that is actually pretending to offer a very different service - SEO (search engine optimization) - which victims report is never actually provided. The entire thing is intended to trick you into giving them money, thinking you're renewing a domain registration, but carefully worded to avoid a legal issue of misrepresentation. If you give them money you will receive nothing in return.

We know this is working for this unethical business because of the effort required to support the huge number of email addresses and websites used in this scam, and how long this con has been running - at least 10 years. The above message was supposedly sent from hugo@hugoboss.com - hugoboss.com is a legitimate retailer - but the email headers show it was actually sent from the server for angerrrubish.com. We've received the same exact message from many other email addresses and all were gamed, so a reply would never get back to an actual sender. A small sample of the gamed senders:

hugo@hugoboss.com
petra@visioniron.com
kfg@retailerpeasant.com
fra@venturebacon.com

The above sample notice refers you to a page on citydevine.com where you can fill out the form and pay them, but again, there are a huge number of other urls with the exact same infrastructure and form. Here's a list of the urls we received in just a couple of weeks:

https://citydevine.com/domain/
https://harumtirtajaya.com/domain
https://pcbox.cl/domain/
https://bddevine.com/domain/
https://deshnewz.com/domain/
https://deshtodays.com/domain/
https://simapari.com.au/domain/
https://deshdevine.com/domain/
https://devinebangla.com/domain/
http://abortionwill.org/domain/
http://herbbread.org/domain/
http://despairinspire.com/domain/
https://bangladevine.com/domain/

Every one of the pages is identical. The large number of emails and domains involved is intended to prevent the shutdown of any one from harming their obviously profitable con. All the urls look like this:

With few exceptions, the content on the root domains of the above urls is also identical, appear to be unrelated to the scam, and written in Bengali, so we suspect the con is originating in Bangladesh:

 

Most people probably only own only a very small number of domains, so they can't see the scale of the fraud. The reason we were able to discover the size and the details of this scam is because we own thousands of domains, and every one receives this notice at least once a year. We receive dozens of these notices every week.

This scam has been known and reported for a long time, yet continues to generate revenue for the fraudsters. Do a search for "domain notice fraud" - here's the top of that search in Google:

 

Don't be fooled by this scam. You can only renew your domain registration at the legitimate registrar you used to originally register it. Check the sender of the email. If it's not from that registrar, don't engage.

Share this post to help prevent this con from claiming another victim.

 

By Bob Sakayama

 

ApostropheAtrophy.com