This one is worth mentioning just because they spray it out to every domain owner on the planet and occassionally it looks mildyly convincing, as in this case:
From: Domain Service <[email protected]>
Sent: 08 January 2019 13:06
To: Domains Team
Subject: domain.com Final Notice
01/28/2019 to 01/28/2020
Domain Name: domain.com
This important expiration notification notifies you about the expiration notice of your domain registration for domain.com search engine optimization submission. The information in this expiration notification may contain legally privileged information from the notification processing department of the Domain Seo Service Registration to our search engine traffic generator. We do not register or renew domain names. We are selling traffic generator software tools. This information is intended for the use of the individual(s) named above.
to complete your payment.
Failure to complete your seo domain name registration domain.com search engine optimization service process may make it difficult for customers to find you on the web.
Process Payment for
Secure Online Payment
This domain seo registration for domain.com search engine service optimization notification will expire 01/14/2019.
Instructions and Unlike Instructions from this Newsletter:
You have received this message because you elected to receive notification. If you no longer wish to receive our notifications, please unlike here. If you have multiple accounts with us, you must opt out for each one individually to unlike receiving notifications. We are a search engine optimization company. We do not directly register or renew domain names. This is not a bill. You are dont need to pay the amount unless you accept this notification. This message, which contains promotional material strictly along the guidelines of the Can-Spam act of 2003. We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.
Please report both of these domains as fraudulent and report the email originator as a spam source.
This spam email has been received by some people this morning and earlier this week...
From: domain.com [[email protected]]
Sent: 17 September 2018 21:02
Subject: domain.com Server Security Alert: [email protected] Delete Request !!!
The actual 'cancel server deactivation' link points to: https://www.enwise.com.au/wp-content/plugins/solve/modify/[email protected] which is a live site with a valid security certificate.
The webpage looks real enough:
The spammer page appears to just keep asking you for the password - I think it actually tries to verify thr login against your email whilst you wait - so be very careful with this site.
This is another wordpress compromised by a certain Bangladeshi hacker looking to retrieve passwords and subsequently blackmail people or steal from them. He leaves his name on the wordpress site after hacking:
Report this website as phishing.
Report the orignating email address as a spam source.
This email has been spotted this week:
From: Intuit Inc. <email@example.com>
Sent: Tuesday, July 17, 2018 3:28 PM
Subject: Automated Intuit Notification
The originating email is obviously wrong - Busek.com
The 'See you receipt' link takes you to: http://njdiscrim.com?3Xf80q=QAUSY1CQVUFS1QXOBsGSJTHS
Which is obviously not an Intuit Quickbooks link, they have not bothered with a certificate or any other measures to fein authenticity.
The offending website has already been removed so no immediate danger.
Most of the Intuit company links are as they would have been originally.
This email has been seen by a number of people this week - it is not a particularly convincing one, but it deserves to be mentioned in case it may cauase any damage...
The email appears as:
From: Apple Inc <[email protected]>
Sent: Thursday, July 12, 2018 7:22 PM
Subject: Apple Alert Regarding Your Recent Purchase
The email addres obviously doesn't stack as it is from [email protected] and not Apple and the link described as see details here is pointing to http://dryerventwizarduniversity.mobi?3I=QIUBNYQASHUBQYUDP which again isn't a very convincing domain as it doesn't even have Apple in it.
If you do click the link you are taken to a non-existant website and so the email can do no harm:
Either way this email shoudl be marked as spam and the address marked as a spam source.
The IdealOfficeInc.com has no SPF record:
and so this may well be why it was chosen. SPF (Sender Policy Framework) is a simple way of informing other email servers of which IP addresses your emails are likely to originate from and not having one means that poeple are more likely to spoof your address as we see in this case.
At sircles we would always advise having a full SPF and DKIM/DMARC set of records to stop spammers impersonating you.