Two clients have recently contacted me after receiving the following email / contact form submission from “Joe Miller” requesting payment for an e-book submission. The email includes multiple links to make a “secure online payment” and mentions the target’s URL multiple times with the word cancellation in all caps to make it seem like they need to pay this person to keep their domain.
I have included a sample message below, your version may vary but the gist will be the same — urgency and confusing language. Please ignore this message if you receive it or contact me if you have questions!
From: Joe Miller <email@example.com>
Expiration message of your [URL]
CLICK HERE FOR SECURE ONLINE PAYMENT: https://gohostingdomains.com/?n=[URL]&r=a&t=1598733535&p=v1
This purchase expiration notification [URL] advises you about the submission expiration of domain [URL] for your e-book submission.
The information in this purchase expiration notification [URL] may contains CONFIDENTIAL AND/OR LEGALLY PRIVILEGED INFORMATION from the processing department from the processing department to purchase our e-book submission. NON-COMPLETION of your submission by the given expiration date may result in CANCELLATION of the purchase.
ACT IMMEDIATELY. The submission notification [URL] for your e-book will EXPIRE WITHIN 2 DAYS after reception of this email.
Update on October 2, 2020: I received an email from a worried website owner asking me if ignoring this email will somehow harm their website. It won’t. I recommend going to this link: https://whois.domaintools.com/ to make sure you know where your domain is registered and when it expires as well as where your site is hosted. It’s good to have this information handy to help figure out which emails are legitimately related to your domain.