Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Domain Appraisal Scam Targets Domain Name Owners

Published: 2007-03-24
Last Updated: 2007-03-24 20:41:17 UTC
by Lenny Zeltser (Version: 1)
0 comment(s)
The Internet is abound with scams of all shapes, colors, and flavors. This note is about a domain appraisal scam that seems to be targeting domain name owners. Justin Hall sent us an email, describing the scam that targeted him recently. This note is based on his description of the scam, as well as on the accounts sprinkled throughout the web.

There are many accounts of this scam on the web. Although some details change from incident to incident, the key attributes, meant to confuse and misdirect the victim remain the same.

At the onset of the scam, the scammer emails the victim with an offer to purchase one of his or her domain names. According to one report, the note looks like this:
I found your name for sale on the web. Can you give me a price for the name in the subject line. Domain names is not my main business. Just another way to make money online on domain reselling.
The goal of the scam seems to be to direct the victim to appraise the domain name with an appraisal service of the  scammer's choice. However, rather than directly pointing the victim to a particular appraiser, the scammer directs the victim to a forum discussion about the most reliable appraisal service:
Of course, we must be sure that you are engaging a reputable appraisal company. I heard many appraisal companies often made inaccurate appraisals. I will only accept appraisals from independent sources I trust. I heard some appraisal companies often made inaccurate appraisals. To avoid mistakes I asked domain experts about reputable appraisal companies in a forum http://domaintalk.ourplace.com/Archive/261947.htm
All indications suggest that the forum discussion is bogus. The "forum" seems to be a static HTM page that is meant to look like a forum discussion. Discussions on real web forums about this scam indicate that there have been multiple versions of the bogus discussion, all hosted under http://domaintalk.ourplace.com/Archive, but using different file names.

Some of the bogus discussions are still available (95073.htm, 261947.htm, 98042.htm); others are not longer live. The discussions differ slightly, but all have the same pattern. The first message asks to recommend a good domain appraisal service:
Hi folks, I am going to invest money in several good names. I don't want to overpay so third party valuation is a must. Investing in good names is a new business for me. Can someone recommend me good appraisers?
A user "NameSeller" responds by mentioning a few appraisal services. After a few other messages, the apparent winner usually becomes securenamesale.com.

Public accounts of the scam state that even if the victim pays for an appraisal certificate from the service approved by the scammer, the scammer does not purchase the domain.

Is securenamesale.com a legitimate service? It's hard to say for sure, but the victims describing the scam on public forums are highly doubtful. The site sells domain appraisal software for $99. We located another site hosted on the same IP address and having the same content as securenamesale.com; it goes under the name allfordomains.com.

The ultimate objective of the scammer remains a bit unclear. The scammer probably benefits financially from the victim using the designated domain appraisal service, although it's possible that some other motives exist. If you have any specific information about this scam, please let us know.

-- Lenny

Lenny Zeltser
InfoSec Practice Leader
Gemini Systems, LLC
www.zeltser.com
Keywords:
0 comment(s)
Diary Archives