Select Page

ICANN – the Internet Corporation for Assigned Names and Numbers – keeps a registry of names and contact information for every internet domain name. ICANN periodically sends reminder emails like this one, and everyone who operates a website has seen them.

This one is fake.

But it’s a pretty good fake, other than the sending email address. The attackers should have fudged into the sending email address to make it look like it came from ICANN. I’ll never understand why anyone would go to so much trouble to craft a phishing masterpiece, but ignore this basic detail. Scroll below this first screen shot for more.

Fake email claiming to come from ICANN.

I decided to try the “Verify email address link.” I did it from an account without any local or network-wide admin permissions, so the worst I could do was mess up my own profile on one computer. As they say, we are professionals. Do not try this at home.

Here is where the link took me.

Click on the link in the fake ICANN email and it takes you to a website that imitates Microsoft OWA. This will fool many website operators.

Yep. Just feed it my email password and they’ll own me.

The attackers did a masterful job of impersonating Microsoft OWA, but they need to solve two problems.

  1. Context – why would an ICANN update request direct me to a Microsoft OWA login screen?
  2. The random URL is a giveaway.

This will catch many website owners who don’t know better. But it won’t fool you. Don’t phall for phishing. I’ll give this one an A-.

For more phishing samples, see my phish collection.