I am starting to receive Coronavirus-related email spam now, although the majority of it appears to be the usual stuff from before. I expect any domain procurement company to scrutinise their customers tightly during this time period; many people are stuck indoors while they isolate, some spending more time online in a vulnerable mindset. There do appear to be as many bad domain sellers as there are spammers.
Here is some analysis over the past week and some tips on dealing with spam.
Analytics
First, here are some analytics from one of my email accounts for the past week. The following is an analysis from an account I don’t use so much, but that email address was the one I used on LinkedIn, which was hacked. Now and again I do have legitimate emails going through.
- Number of Emails Received: 135
- Number of Legitimate Emails: 61 (+2 that were marked as spam but went on to be legit)
- Number of Spam Emails: 73
- Number of Emails Quarantined: 65
- Number of Emails Rejected: 8
- Number of Emails I Released from Quarantine (not spam): 2
- Number of Emails with Domains Registered with Namecheap: 63
In general, most of the TLDs (top-level domains) I receive email from are not .com or .org domains; the most popular ones this week were:
- .work
- .london
- .cases
- .rest
- .uno
Namecheap
Why are the majority of spam emails I receive associated with Namecheap? That is a question I have been asking them for a couple of years, and one they refuse to answer. What is wrong with their process that allows so many criminals to buy on their system? They have blocked the purchase of domain keywords associated with the Coronavirus, which is good, but it does nothing to stop criminals from buying domains that don’t use those keywords. I’ve read some minutes from ICANN meetings that include a Namecheap representative but don’t see any discussion on what the company is doing to solve this issue. Maybe they just enjoy the money coming in a little too much.
You can report abusive or spam emails to Namecheap; however, with 63 emails this is virtually impossible to do when you have to include headers for each one. That is why they should be addressing their bad workflow issue, but unfortunately they don’t care.
Deciphering A Spam Message
Below is a typical spam message I received. Although the subjects of much of the spam are consistent with the past 2-3 years, I am now seeing Coronavirus-type spam, in this case for masks, which people are desperate to buy.
Images
You must deactivate automatic downloading of graphics in your email program. In most emails, companies and scammers alike have embedded an invisible graphic which pings back to the server the message was sent from. This sends a huge amount of data back to them, the worst being that they know you exist, that they are sending to a legitimate email account, and that they can send you more scams. Also, your email address will likely be sold on to other bad actors, or placed on a dodgy server for nasty people to download and use.
Domain
It is easy to look up a domain in ICANN: just enter the URL/s from the email and you will receive quite a bit of information back if you dig deep enough. You can find roughly which company hosts the site or who the domain supplier is. It is possible to report the domain to the supplier so others don’t become victims; however, if you receive so much spam, it’s an impossible task to do that. If you are receiving too much spam in your inbox, contact your internet service provider or check their website for instructions about decreasing it, for example by sending it into the spam folder or elsewhere.
Unsubscribe
The unsubscribe link at the bottom of the message is most likely fake and just another way for the scammer to confirm you exist, then go on to send you more spam. Do NOT click on any links within the email; they could redirect you to a site that will infect your computer with a virus or malware.
Address
Some scammers include an address at the bottom of the message. It is quite easy to investigate what exactly is at that address, assuming it exists. When looking up these addresses I’ve seen all manner of obscure places.
I looked up the address on the above email; it is a company that rents mailboxes. You can’t get a mailbox without some kind of registration, but is the box number real? Most likely not. If it is a legitimate company they most likely have an office in a real building, but if it’s a mailbox then you know any old person off any old street can rent one, assuming it is real.
Just doing a basic search in Google on the address has also brought up some information from the Better Business Bureau. That address is also being used for another fake company, “Russian Beauty Online: Online Dating Services”. Even though the emails from the “Russian Beauty” rubbish might be going out with the same address in them, the domain is registered via Enom with another address.
Final Determination
The majority of people have wised up to these scammers now and can determine what is a scam or not. A scam message typically:
- Uses a non .com, .org, .edu, .gov etc domain
- Is from someone you don’t recognize (not from a friend or someone you do business with)
- Doesn’t speak your language properly, like broken English
- Is a cold calling type message
- The promises are too good to be true
The most problematic messages are scammers pretending to be from legitimate businesses or government bodies.
It’s best to be extra careful right now, as scammers take advantage of people in vulnerable situations such as during a virus epidemic. Don’t expect domain registrars to be your friend: they are either uncooperative, or your email address has been shared with so many bad actors that it will forever be impossible to stop the spam.