Email scams that tweak a nerve
A while back I received an email that made me instantly suspicious:
We are a domain name registration and dispute organization in Asia. which mainly deal with the global companies' domain name registration and internet Intellectual property right protection in Asia.
Currently, we have a very important issue needing to confirm with your company. On December 13,20xx, we received an application.One company named "FengNin Group Inc" wanted to apply for registering the domain names related to "ihatemypc" and Web Brand through our body.We are dealing with it. After our initial investigation, we found that these domain names and Web Brand applied for registration were as same as your company's web keyword.
I wonder whether you consigned FengNin Group Inc to register these domain names and Web Brand through us?
If yes, we will complete the registration on these domain names and Web Brand. Or you do not even know this company what so ever? I want to confirm whether you are the corporate representative of your company. If you are, I will feedback some problems to you; if you are not, please forward my letter to your company's corporate representative or administor. In order to deal with this issue better, please contact us as soon as possible.
Best Regards Kevin
I decided to investigate this a little further.
I Googled the FengNin Group and got pretty much no significant result either negatively or positively.
I checked the links provided in the email to the web site of the company that "Kevin" worked for.
Strangely they checked out. Kevin's employer had a legitimate looking web site and really seemed to be doing what they say they are.
Theoretically the domain names I have registered for my business are protected by the fact that they are registered through legitimate Australian registrars and web hosts.
However, it still concerned me that some possible third party fraudster could be trying to hijack my domains through an innocent foreign registrar by claiming them as their own i.e. instigating a dispute over the ownership.
Carefully and with some reservation I decided to reply to the email.
I told Kevin that I owned the domains and that I had no relationship with the FengNin group in any way. Any such registrations should not be allowed.
It was Kevin's reply that revealed the true nature of the scam.
Kevin tried to bamboozle me with jargon, as he'd already done in his first email, but this time the story changed. This time the story morphed into "protecting related domain names" and how I may want to protect my brand by buying up country specific "IhateMyPC" domains.
We knew your company have own trademark, this is why we informed you. But now FengNin company wanted to apply for other domain names and Web brand you have not registered yet. Following are all the domain names and Web brand which are submitted by FengNin Group Inc: Domain names: ihatemypc.asia Asia ihatemypc.es Spain ihatemypc.eu Europe ihatemypc.fr France ihatemypc.jp Japan ihatemypc.sg Singapore ihatemypc.tw Taiwan
It was at this point it became very clear that Kevin was trying to scare me into buying domain names that I don't want and don't need.
I was expecting that Kevin may have then suggested I pay for them with my credit card. There was no way I was giving this guy a credit card number.
The true nature of the ultimate fraud may have been a few layers away but this is where I stopped corresponding with Kevin. I waited for his next move.
Some days later I did receive another email from Kevin:
Dear David, I have sent you email, but have not received your reply by now. So I want to confirm: 1, Have you decided to give up? 2, Are you in the process of discussion? 3, Do you have any other question? I look forward to hearing from you！ Regards, Kevin
Kevin thought he had one on the hook. Often just being a "real person" and corresponding with people who doesn't understand the terminology is enough to convince people to part with money.
I have to tell you, I was worried enough about replying to his original email, but he already had my email address and I divulged nothing else along the way. Replying to this last email required some extra care and a new degree of assertiveness.
I considered my response to Kevin. This is what I sent:
Kevin, It is clear to me that you are just trying to scare me into buying domain names. I have forwarded your details to the relevant authorities and will take legal action if any of the domain names I presently have registered are compromised in any way by your organisation's activities. No further correspondence will be entered into. D.Moore
So far Kevin has gone quiet. If he is smart that will be where it ends. If he's dumb or genuine I may get an apologetic "bail-out" from him. I am not holding my breath. Either way I will stand by my word and not reply to him.
So what is the lesson in this?
For me it was that fraud, as expected, is getting harder and harder to distinguish from genuine activities. Kevin's email, the company web site and all the usual suspect things seemed believable, i.e. not necessarily true, but possibly true.
The alarm bells of the "contact out of the blue" still works when trying to spot fraud. That is, if someone contacts you unprompted then caution is advised.
If someone uses language that you don't understand then seek to understand it but don't act on it. Ask an expert and wait. Time is on your side. Act now at your own peril - undoing such actions can be costly and time consuming.
Sooner or later something will look real enough to catch me and/or you out.
A personalized believable lie is a very hard thing to ignore. A lie that impacts upon your reputation, business and ability to live your life is even harder to ignore and does deserve some further investigation and shutting down where possible.