Phishing scam targeting domain owners

Today we’ve seen several reports of customers receiving fraudulent phishing emails, purporting to be from eNom complaining about inaccurate WHOIS information.

The emails we’ve seen look like:

Dear user,

On Tue, 28 Oct 2008 21:56:13 +0100 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Tue, 28 Oct 2008 21:56:13 +0100 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.


If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260

These emails are not genuine, and can be safely ignored. The links in the emails may at first glance appear to link to eNom’s website, but they actually link to fraudulent phishing sites.

For UK2 domain customers, any queries regarding your domain will come from UK2, not third parties.