SCAM! Expire Warning: IMMEDIATE Renewal Required
Our old friends at Domain SEO Service Registration Corp are back with a different, but the same scam, this time instead of SEO, its certificates, I assume SSL certificates, although the email does not mention SSL, I just cannot think of any other certificate that would apply to domain name registrations.
Here’s the full email I received, sans personal information;
This message is to communicate to you that your bill number f0319016c3794645851d2a754abc2e
6b due on 2021-06-19 is SUSPENDED. Please make sure that you make payment AS SOON AS POSSIBLE to prevent any TERMINATION of service to [REDACTED].COM certificate. Do take note that if no payment is made in the next 3 business days, your data will be purged and deleted.
https://aedomainwebmgno.ga/?
xid=[REDACTED] The domain administrator currently on file is [REDACTED].
Disclaimer statement: We can’t be held legally liable for any claims, damages or losses that you may incur because of the cancellation of [REDACTED].COM. Any such damages may include but are not solely restricted to: monetary losses, deleted data without saved backups, loss of SEO positions, lost appointments, undeliverable e-mails or any other service, technical or business damages that you may incur. to learn more please refer to section 7. a7 of our Terms of Service.
This is the final renewal notification that we are required to send out about the expiration of [REDACTED].COM certificate.
https://aedomainwebmgno.ga/?
xid= [REDACTED] All online services will be restored automatically on [REDACTED].COM upon receipt of payment. We thank you for your attention and continued business.
The first thing that raised alarm bells is the .ga domain link, which is a top-level domain for the central African nation of Gabon. I copied and pasted the link into my Linux virtual machine and the link itself is safe, from what I can see, it just takes you to a payment page; see screenshot below.
Another big red flag other than the Domain SEO Service Registration Corp emblazoned on the footer, is the fact that when you click the Contact Us link at the top of the page, the address shown is “1000 Fifth Street, Suite 200, Miami Beach, FL 33139”, whereas the footer shows “707 SW Washington St, STE 1100, Portland, OR 97205, US”. Finally, none of the links in the footer work, they didn’t even bother to change the text select cursor to a hand cursor in CSS, to at least make it appear to be a genuine link.
But wait, there’s more, if you remove the “xid=abc123” from the link, to go to the root of the domain at aedomainwebmgno.ga, i.e. what should be the home page simply shows a white page with “Site Name not found”, genuine companies will have a homepage for their business. And, the domain, ironcladecertifications.com, from which the email was sent, also results in a white page with no content.
I write this blog in the hope that people find it and not get scammed by these people. it’s a variation on a theme, but this tack is new, and I cannot find anything specifically related to this Email on Google, don’t get scammed, if you receive such an email, please delete it, don’t give them your credit card info.