
Network Solutions Phishing Email (19 May 2022)

Summary

As of 2022, current Network Solutions customers continue to receive very authentic-looking scam emails designed to capture login credentials. These emails are delivered to customers through the Network Solutions email service without being blocked or marked as spam.

Based on the wide sampling of emails sent to current and old email accounts, it seems the database of Network Solutions customers, including all email accounts, was hacked at some point and is now being made available through the dark web.

Use Caution

Do not click on any links in emails claiming to be from Network Solutions. Instead, go directly to the official website and log in.

Sample Email

The sample below has had the customer name, website, and email redacted for privacy. Notice the correct font, design, and colors used for the logo and other elements of the email.

Possible Email Subject

The subject lines and topics of the emails vary. Here are some sample subjects and excerpts from the emails:

  • 1 New Missed Voice Call — “Sent from a secure source…”
    • The message contains the date, time, and duration of the voicemail message. A Play button will initiate the phishing scam.
  • Alert Keep Your Domain Active — “Dear name, This is in regards to the following account: Email Address: you@yourdomain.com Phone Number: _______ [incorrect phone number listed] Address: _______ [someone else’s address] … Network Solutions is now required by ICANN (the regulating body for domain registrations) to have all domain owners confirm their email address contact information or their domains will be deactivated . If your domains are deactivated you will still own the domains but you will not be able to have live websites until you verify your contact information. If you wish to view the list of domains subject to verification, please login to Account Manager. To ensure your domains remain active, please click the CONFIRM button below to confirm the email address we have for you is accurate.”
    • Note that the comments in brackets have been added. The email is worded to provoke a response from the recipient because incorrect information is listed.
  • Delivery Report — “15 messages are being held for your review, Kindly resolve this email issues to avoid missing important mails. Review these messages now by following below instruction. Prevented messages (5)”
  • Email Administrator — “You have (6) incoming messages that could not be delivered to _____ Kindly resolve this email issues to avoid missing important mails”
  • Email delivery error — “Delivery Report … 12 messages are being held for your review, Kindly resolve this email issues to avoid missing important mails. Resolve these issues now by following below instruction. Prevented messages (12)”
  • Message(s) Delivery Report — “15 messages are being held for your review, Kindly resolve this email issues to avoid missing important mails. Review these messages now by following below instruction. Prevented messages (15) Receiver: email@yourdomain.com Message type: High priority message”
  • Pending Emails — “Attention User, Your email messages are now queued up and pending delivery because your email has not been resently validated. All pending messages will be deleted within 48hrs if you do not take action. You are required to verify your email mail@resourcesforlife.com to restore normal email delivery.”
  • Please Confirm Your Email Address Upgrade — “Please Confirm Your Email Address Upgrade … Hello Please note that mail@resourcesforlife.com is undergoing routine maintenance and your mailbox is using old security settings to handle incoming and outgoing messages. If you fail to confirm as an active user of your email account within 24 hours of receiving this automated email, you will be prevented from sending and receiving emails … Click Confirm / Upgrade … Thank you Network Solutions Email service ©2022 yourwebsite.com team all right reserved”
    • Note that the copyright of the message is attributed to your own website name rather than Network Solutions.
  • TicketID:_____ Password Expiration Notice — “Important Security Notice Hi username, Your _ pаsword is sеt to еxpire in 0 dаy(s). email@yourwebsite.com We encоurage yоu to take the tіme nоw to maintaіn yоur pаsswоrd actіvіty to avoіd logіn іnterruption. Kееp My Раssword [link] Nоtе: We won’t bе hеld responsіblе for any аccоunt lоss Thаnk you, © 2022 [yourusername]. All rights reserved.”
    • Note that the copyright of the message is attributed to your own Network Solutions username.
  • Undeliverable: You Have 18 Failed Messages — “Your messages are now queued up pending delivery because your email has not been recently validated. All pending messages will be deleted within 48hrs.”
  • URGENT: Your domain is expirying in 2 days — “Hi Network Solutions Customer, URGENT: Domain _ expiring in 2 days. You are receiving this email because you are the owner of the domain regalmachine.com according to our records. URGENT! This domain will expire in 2 days. This is your final reminder. Please login the attached file to this mail. This pre login is important to extend your validation date. See attachement for more details Best Regards, The Network Solutions Team”
  • You are obligated to confirm the email address for your domain ref: yourwebsite.com — “Don’t send this email on to anyone else as it contains sensitive information! ICANN regulations, you are obligated to confirm the email address for the following domain(s) Automatically deleted in 7 days This is in regards to the following account : Domain : yourwebsite.com Email Address :email@yourwebsite.com Intermedia is now required by ICANN (the regulating body for domain registrations) to have all domain owners confirm their email address contact information or their domain will be deactivated. If your domain is deactivated you will still own the domain but you will not be able to have a live website until you verify your contact information. To ensure your domain remain active, please click the CONFIRM button below to confirm the email address we have for you is accurate.”

Common Themes

The email samples above are a few of the many dozens collected in recent months. The messages are worded to convey a sense of urgency and to get the recipient to respond in order to correct something or to ensure that an account or service isn’t terminated.
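
The indicators seen in the samples above can be checked mechanically: urgency wording, a footer that credits your own domain instead of Network Solutions, and words that mix letters from two alphabets, as the "Password Expiration Notice" excerpt appears to do. The following is an added example, not part of the original article; the function names, the small look-alike table, and the example.org sample text are assumptions made for illustration.

```python
import re
import unicodedata

# Cyrillic look-alikes of the kind seen in the "Password Expiration Notice" excerpt.
FOLD = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                      "\u0456": "i", "\u0420": "P"})
# Urgency wording taken from the excerpts quoted on this page.
URGENCY = ("expire in", "within 48hrs", "within 24 hours",
           "will be deactivated", "will be deleted", "final reminder")

def script_of(ch):
    """Coarse script label from the Unicode name, e.g. LATIN or CYRILLIC."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    words = re.findall(r"[^\W\d_]+", text)
    return [w for w in words if len({script_of(c) for c in w}) > 1]

def footer_owner(text):
    """Text after the copyright year, or None when there is no such line."""
    m = re.search(r"\u00a9\s*\d{4}\s+(.*)", text)
    return m.group(1).strip() if m else None

def indicators(body, recipient_domain, brand="Network Solutions"):
    """Return the phishing indicators found in one message body."""
    # Fold look-alikes first, otherwise keyword matching misses disguised words.
    folded = body.translate(FOLD).lower()
    owner = footer_owner(body) or ""
    return {
        "mixed_script": mixed_script_words(body),
        "urgency": [p for p in URGENCY if p in folded],
        # Footer credits the recipient's own domain instead of the brand.
        "footer_mismatch": recipient_domain.lower() in owner.lower()
                           and brand.lower() not in owner.lower(),
    }

# Constructed sample modelled on the excerpts above; example.org is a placeholder.
SAMPLE = ("Your p\u0430sword is s\u0435t to \u0435xpire in 0 d\u0430y(s).\n"
          "All pending messages will be deleted within 48hrs.\n"
          "\u00a9 2022 example.org team. All rights reserved.")

if __name__ == "__main__":
    for name, value in indicators(SAMPLE, "example.org").items():
        print(name, value)
```

Without the folding step, a plain keyword filter looking for "expire in" does not match the disguised text, which is the likely reason for the letter substitution.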

Global Impact

The map below shows recent visits to this page based on location. This illustrates the broad impact of the issue.