Not All Phishing Is Done Via E-mail

I received an interesting – and scammy – letter in the mail last month. It was from a company calling itself “United States Domain Authority” and, at first glance, appeared to be a reminder to renew my lebowitzit.com domain name. The letter was a slick job, liberally festooned with American flags on both sides of the letter, and even on the envelope and return envelope. (Apparently, when people see American flags, they’re supposed to drop all caution and common sense and just do what purports to be the patriotic thing, which, in this case, would be to pull out the checkbook and respond to the pitch.) Here is the letter for you to see:

(For those of you wondering, I did not blank out my company name or address because I purposely post those online. I only blanked out the data items that someone might, for whatever reason, use to respond to the ad in my name.)

So, how did I know this was a scam? The answer is that this is one of those situations in which knowing just a little bit about your own organization can save you, even if you don’t know a whole lot about what it takes to have an Internet presence. Specifically, I knew that my domain name wasn’t up for renewal, because I had just renewed it several weeks before the date on the letter.

That had me looking more carefully at the letter. The next thing that stuck out, other than those pervasive American flags, was the big, bold text in the upper right corner, which proclaim “MARKETING SERVICES”. A letter from my domain name registrar, were they to send me one, would not have such text. It would be focused on domain name renewal, which is what they would be all about. Before you think that the scammers are doing you a favor by clearly identifying their wares as “MARKETING SERVICES”, they aren’t. The reason that text is there is because it is a federal crime to use the United States Postal Service to perpetrate fraud, which is exactly what making a letter like this look like a domain name renewal notice is. So, they prominently label the letter as “MARKETING SERVICES”, and then design the rest of the letter to distract your eyes from that text. This is what’s known as covering one’s legal a**.

Recognizing the remaining clues that this letter isn’t what it appears to be requires at least a bit more technical knowledge. But that’s OK — that’s what we’re here to provide!

Let’s start with the name of the sender: United States Domain Authority. It’s fairly easy to do a web search and find out if they actually are a domain name registrar, but I can tell you that I know which companies handle most domain name registrations in the United States, and this company’s name didn’t sound familiar. I also happened to know it isn’t the name of my domain name registrar. And if you read carefully, you can see the letter discloses, in smaller print, and in the middle of a paragraph that’s easy to gloss over, that they admit that they aren’t a domain name registrar:

Next, we have the cost. There is no MSRP for domain name registrations, as far as I know. Prices vary from registrar to registrar, and also depend on the exact domain name you are registering. Registrations in certain top-level domains can be extremely expensive. But I knew from my past domain name renewals that $289 was very high for just one year.

In fact, all this letter is really selling me is an opportunity, if you can call it that, to have my domain name listed in some directory that I’ve never heard of. That’s a dubious value, to say the least, and certainly not worth $289. For all I know, all it would do is put me on a list for receiving more junk mail, which I can certainly do without. There’s even the possibility that the letter is from a company that’s just a front for collecting account information to be sold on the dark web. I honestly don’t know or care. I just thought it made for an interesting blog entry and subsequent denizen of my circular file.

Leave a Reply

Your email address will not be published. Required fields are marked *