The ICANN Security and Stability Advisory Committee (SSAC) has released an advisory on “registrar impersonation” attacks, a form of phishing that targets domain name registrants. The attacker impersonates a domain name registrar and sends an expected or anticipated email message to a registrant, duping the latter into logging on to a falsified web site with his domain management user name and password. Having gained these credentials, the criminal can use the victim’s domains in new attacks.
The twelve-page advisory discusses recommended practices to minimize or prevent phishing attacks employed by more common phishing targets such as financial institutions. SSAC also recommends measures that registrars can take to make their correspondence with registrants less susceptible to phishing, as well as to identify ways for registrants to detect and avoid falling victim to this form of fraud.
Have you received the kind of phish email described above? Please post your comments!