I received this email (which was dutifully filtered by my webmail spam blocker) on 7th February, 2016.
The interesting points about this email are:
- It is an unwanted email, i.e. spam.
- It refers to a domain name that I do indeed own.
- It includes the postal address that is indeed registered against the domain in the WHOIS database.
- It uses the phrase ‘expiration notice of your domain registration’ but then continues on to say ‘for <domain.com> search engine optmization submission’.
- It asks for a payment of $61 for ‘domain SEO registration’.
As we can imagine, it is designed to mislead and possibly confuse the domain owner into thinking that his/her domain is indeed due for renewal, and to lure him/her into paying the ‘renewal fee’.
WHOIS data on the spammer's domain
The WHOIS registration information for the lure domain used in the spam showed that the spammer's domain had been registered since 3rd February, 2016, i.e. for only five days (at the time of writing).
If a spammed victim clicks on the ‘Secure Payment’ link on the spam mail, the link takes him/her to the spammer’s landing page:
h–p://senstraff[.]com/redirect.php/x=l (screenshot attached)
This page asks the victim for his/her contact information and then redirects to the payment page on a legitimate payment processing site (see screenshot).
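
The two observations above (renewal wording attached to an SEO offer, and a payment link on a domain registered only days earlier) can be turned into a triage check for reported mail. This is an added example, not part of the original post; the sample message, the 30-day threshold and the in-memory WHOIS table are assumptions constructed for illustration.

```python
import re
from datetime import date

# Constructed stand-in for WHOIS/RDAP lookups (domain -> creation date).
# The creation date is the one given in the post.
WHOIS_CREATED = {"senstraff.com": date(2016, 2, 3)}

# Constructed sample modelled on the phrases quoted in the post.
SAMPLE_BODY = (
    "Expiration notice of your domain registration for example.com "
    "search engine optimization submission. Domain SEO registration: $61. "
    "Secure Payment: hxxp://senstraff[.]com/redirect.php"
)

URL_RE = re.compile(r"\b(?:https?|hxxps?)://([^/\s]+)", re.I)
RENEWAL_RE = re.compile(r"\b(?:expir\w*|renew\w*)", re.I)
SEO_RE = re.compile(r"search engine optimi[sz]ation|\bSEO\b", re.I)


def link_domains(body):
    """Return lower-cased host names of links, undoing [.] defanging."""
    return {h.replace("[.]", ".").lower() for h in URL_RE.findall(body)}


def assess(body, received, whois=WHOIS_CREATED, max_age_days=30):
    """Return (signal, detail) tuples for each check that fires."""
    signals = []
    # Signal 1: renewal/expiry language used to sell an unrelated SEO service.
    if RENEWAL_RE.search(body) and SEO_RE.search(body):
        signals.append(("renewal_wording_for_seo_offer", None))
    # Signal 2: linked domain registered shortly before the mail arrived.
    for host in sorted(link_domains(body)):
        created = whois.get(host)
        if created is None:
            signals.append(("no_whois_creation_date", host))
        elif (received - created).days <= max_age_days:
            signals.append(("newly_registered_link_domain", host))
    return signals


if __name__ == "__main__":
    for signal, detail in assess(SAMPLE_BODY, date(2016, 2, 7)):
        print(signal, detail or "")
```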