SomeGuy
Veteran Member
First of all, I apologize if this is a bit too off topic, but if it is, just point me to a better place to discuss/ask about this and I will move on. Apparently my google-fu isn't what it used to be.
So obviously I have a web site domain, and a looong time ago I registered it through Network Solutions. Overall, things have been OK. The other day I happened to log in and they were making a big deal about two factor authentication (which most of the time means: you have to go buy a smart phone and cell service just so you can receive insecure texts from us, which is a problem because I don't own a smart phone and don't need one). Although it let me continue without enabling 2FA, it did "verify" my phone number - surprisingly it actually sent an automated voice call with a code. Works for me.
But this morning I get this odd sounding e-mail:
Alert: Keep Your Domain Active
From: Network Solutions <support@networksolutions.com>
Confirm Email Address
Dear [******],
This is in regards to the following account:
Email Address: [*******]
Phone Number: [********]
Address: [******hell**********]
Network Solutions is now required by ICANN (the regulating body for domain
registrations) to have all domain owners confirm their email address contact information or
their domains will be deactivated. If your domains are deactivated you will still own the
domains but you will not be able to have live websites until you verify your contact
information. If you wish to view the list of domains subject to verification, please login to
Account Manager.
To ensure your domains remain active, please click the CONFIRM button below to
confirm the email address we have for you is accurate.
If you have any questions, feel free to contact customer service at 1-866-507-1946.
Best Regards,
Network Solutions® Customer Support
Need Assistance?
Call: 1-866-507-1946
Hours: 7:00 a.m. - Midnight ET, 7 days a week
I don't have a problem with them "verifying" my e-mail address. Given I had verified my phone number recently, this seemed not too suspicious, but the way it is worded is almost typical of a scam, trying to scare people. So, I'll be on the safe side and check a bit further.
So, first check the headers: The e-mail server reports it was received as "Received: from jax4mhfb01.myregisteredsite.com ([64.69.218.94]:45138 )". That host name looks suspicious as heck, but I logged in to my account and had it send a legitimate e-mail, and that has the exact same header from the exact same IP! Older e-mails from a year or so ago actually originated directly from the networksolutions.com domain.
Very fishy. Trying to search Google for any relation between networksolutions.com and myregisteredsite.com shows nothing specific, but there were few hints of a relationship.
Ok, so how about I just do a search for other people who have gotten this e-mail. Well, a couple of hits but on sites that I don't really consider "authoritative" in any way. Mixed results if this is legit or not.
How about just a site search on networksolutions.com about varying e-mails or something like this? Not a damn thing on their site! The "right" way to do this would be for me to log in on their site, click a button to "verify e-mail", receive the e-mail, then enter a code on their site or open a validation URL to their site. But there is nothing like this at all!
Ok, so what about the actual "confirm" URL in the e-mail? Well, because they use HTML formatting, my e-mail client actually barfed on it, but the URL was to https://cclinks.networksolutions.com with a long string after it, apparently an "encrypted" code of some kind. Well, ok that is their site, but if that is one of those redirectors that can point anywhere...
Eh, what the hell. It will probably sign me up for more spam (meh, bring it on, I get plenty already). I took some precautions in case it pointed to malware or a fake web site.
See the attached screen shot. The links seem to be legit, but didn't push any further. Who the hell is "www.registrar-transfers.com"? Once again, a web search turns up nothing useful.
At any rate, if this was legit, then it is a whole pile of massive fails. I'm still left with absolutely no clue as to what is going on.
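The header and link checks described in the post above, as an added example that is not part of the original post: it compares the relay host in the topmost Received header and every link host against the From domain. The message is constructed (only the From address, the relay host/IP and the two hostnames come from the post), and `base_domain`, `LinkHosts` and `triage` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample. Only the From address, the Received host/IP and the two
# hostnames come from the post; the rest (and the link placement) is made up.
SAMPLE = """\
Received: from jax4mhfb01.myregisteredsite.com ([64.69.218.94]:45138)
\tby mx.example.org with ESMTP
From: Network Solutions <support@networksolutions.com>
Content-Type: text/html

<a href="https://cclinks.networksolutions.com/PLACEHOLDER">CONFIRM</a>
<a href="http://www.registrar-transfers.com/">more</a>
"""

def base_domain(host):
    # Assumption: last two labels. Real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def triage(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    # The topmost Received header is the one stamped by the recipient's server.
    m = re.match(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]",
                 (msg.get_all("Received") or [""])[0])
    relay_host, relay_ip = m.groups() if m else (None, None)
    links = LinkHosts()
    links.feed(msg.get_payload())
    return {
        "sender_domain": sender,
        "relay_host": relay_host,
        "relay_ip": relay_ip,
        "relay_matches_sender": bool(relay_host) and base_domain(relay_host) == sender,
        "off_domain_links": [h for h in links.hosts if base_domain(h) != sender],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A relay whose domain differs from the sender's is only a prompt to look further; the sender domain's published SPF record is what lists which hosts may send for it.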