Domain Legend

Phishing attempt is going around disguised as if email is coming from NetworkSolutions.
Do NOT click any links in this email.

Email said…
1. Log in to Account Manager at: http://www.networksolutions.com

If you set your email client to just read text email, not html email, it will read…
1. Log in to Account Manager at: http://www.networksolutions.com.sys56biz.

If you right click the link and choose “copy link address” and paste it into notepad, it will read…
http://www.networksolutions.com.sys78.biz/

sys78.biz is registered today at some chinese registrar.

I had another phishing attempt email yesterday as well.
Only difference is it used another domain name registered at same registrar.

Anyway, here is full phishing attempt email below. Do NOT click any link.

======== Header Info ========
Content-Type: multipart/alternative; boundary=”—-=_NextPart_000_0007_01C93B3E.1DC17A80″
Date: Fri, 31 Oct 2008 09:50:33 +0700 [10:50:33 PM EDT]
Delivery-date: Thu, 30 Oct 2008 22:50:29 -0400
Envelope-to: “my domain name here”
From: NetworkSolutions Inc
MIME-Version: 1.0
Message-ID: <01c93b3e$1dc17a80$420792cb@tenderpup>
Received:
from [203.146.7.66] by “my domain host here” with esmtp (Exim 4.69) (envelope-from ) id 1Kvk5k-000367-8L for
“my domain name here”; Thu, 30 Oct 2008 22:50:29 -0400
from [203.146.7.66] by smarthost1.trueband.net; Fri, 31 Oct 2008 09:50:33 +0700
Return-path:
Subject: Problem: Inaccurate whois information.
To: “my domain name here”
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527

======== Body part below ========

Dear Network Solutions® Customer,

On Fri, 31 Oct 2008 09:50:33 +0700 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

1. Log in to Account Manager at: http://www.networksolutions.com.sys56biz.
  2. Click on the “Profile & Accounts” tab in the left navigation menu to be taken to a page listing your account details.
  3. Click on “Accounts” and select the account you wish to edit.
  4. Click “View/Edit WHOIS Contacts” to make your updates.

If you believe someone requested this change without your consent, please contact Customer Service.

If you would like to order additional services or to update your account, please visit us online.

Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.

Sincerely,

Network Solutions® Customer Support

Let me say one last time.
This email is NOT from Network Solutions.

Little off the point….
I was using new browser, Chrome, from Google and tried to see what would happen if I go to this phishing site.
Chrome showed this.
Seems like very good idea to me ;-)

How about Firefox or IE?
I don’t know. When I tried to go there again today, site was no-longer there.
I will try Firefox and IE next time and see what happens.