esp logo
 Elliott Sound Products Scams 

Scams & Ripoffs #13 ...


Copyright © 2005-2021 - Rod Elliott (ESP)
Page Created September 2019, Updated February 2021
HomeMain Index HomeSpam, Scam & Security Index HomeMain Scam Index
Contents
Introduction

Some of us may have seen e-mails that claim that a Chinese company plans to use the domain name for your own website.  This one is quite tricky, because searching for the scam won't reveal anything useful.  The trick is to know what to search for!  In this case, the search term is 'purchase internet keyword' (without the quotes).  In China (and perhaps some other Asian countries) it is possible to purchase an 'internet keyword', because that enables people without a Chinese language set on their PC to find Asian domains.

Once armed with the proper search term, there are countless hits on the major search engines, and it is indeed a scam.  The idea (predictably) is to charge outrageous sums to register the domain names, usually at least ten times the price if they were registered by a more mainstream registrar.  Run a search for 'internet keyword registration' and there are over 31 million results (not all will be valid of course).  There are several examples on the first page that are almost identical to the one shown here.  The problem is that people won't 'automatically' know just what to search for if they get this type of email.

13 - Chinese Domain Name Scam

My e-mail address and mail server IP addresses have been removed, the remainder is verbatim.

Subject: notice protect-- internet trademark intellectual property safeguard

Dear CEO,

(It's very urgent, please transfer this email to your CEO. If this email affects you, we are very sorry, 
please ignore this email. Thanks)

We are a Network Service Company which is the domain name registration center in China.
We received an application from Hua Hai Ltd on September 9, 2019. They want to register " sound-au " as
their Internet Keyword and "sound-au.cn ", " sound-au.com.cn ", "sound-au.net.cn ", "sound-au.org.cn",
"sound-au.asia" domain names, they are in China and Asia domain names. But after checking it, we find 
" sound-au " conflicts with your company. In order to deal with this matter better, so we send you email 
and confirm whether this company is your distributor or business partner in China or not?

Best Regards

**************************************
Mike Zhang | Service Manager
Cn YG Domain (Head Office)
No. 300, Xuanhua Road, Changning District, Shanghai200050, China
Tel: +86-2161918696 | Fax: +86-2161918697  | Mob: +86-1582177 1823
Web: www(dot)cnygdomain(dot)cn
**************************************

The above looks as if the Chinese registrar is doing the 'right thing' by alerting you to an attempt to hijack your domain name.  However, all is not as it seems.  A couple of days later, after informing 'Mike Zhang' that I was displeased (to put it mildly), another email turns up ...

Subject: "sound-au"
From: 
Date: 16/09/2019, 2:27 pm
To: <'my email address'>

notice protect-- internet trademark intellectual property safeguard

Dear Sirs,

We are Hua Hai Ltd based in chinese office, our company has submitted the "sound-au" as CN/ASIA (sound-au.asia,
sound-au.cn, sound-au.com.cn, sound-au.net.cn, sound-au.org.cn domain name and Internet Keyword "sound-au", we 
are waiting for Mr. Mike's approval. We think these names are very important for our business in China and Asia
market, so we have to register this name, and we believe that we can successfully register this name. Even though
Mr. Mike advises us to change another name, we will persist in this name, no one can stop our registration.

Best regards

Chen ZhiFeng

Hua Hai Ltd

Well, could this be genuine?  NO!  Reputable companies will choose a domain name (that is NOT used elsewhere), and won't try to hijack an existing domain name.  Nor will they make threatening comments such as "no one can stop our registration".  While this is essentially true, it's rather beside the point - they have on (and only one) goal, and that's to make you think that the attempt is legitimate.  In reality, nothing could be further from the truth, as the following indicates (once the form was sent it all became very clear!).

Dear Rod Elliott,

Based on your company having no relationship with them, we have suggested they should choose another name to avoid
this conflict but they insist on this name as CN/ASIA domain names ( sound-au.asia , sound-au.cn, sound-au.com.cn,
sound-au.net.cn, sound-au.org.cn) and internet keyword (sound-au) on the internet. In our opinion, maybe they do 
the similar business as your company and register it to promote his company.

According to the domain name registration principle: The domain names and internet keyword which applied based on 
the international principle are opened to companies as well as individuals. Any companies or individuals have rights
to register any domain name and internet keyword which are unregistered.

Because your company haven't registered this name as CN/ASIA domains and internet keyword on the internet, anyone
can obtain them by registration. However, in order to avoid this conflict, the trademark or original name owner has
priority to make this registration in our audit period. If your company is the original owner of this name and want
to register these CN/ASIA domain names (sound-au.asia, sound-au.cn, sound-au.com.cn, sound-au.net.cn, sound-au.org.cn)
and internet keyword (sound-au) to prevent anybody from using them, please inform us. We can send an application form
with price list to you and help you register these within dispute period. Look forward to your kind reply!

Best Regards

**************************************
Mike Zhang | Service Manager
Cn YG Domain (Head Office)
No. 300, Xuanhua Road, Changning District, Shanghai200050, China
Tel: +86-2161918696 | Fax: +86-2161918697  | Mob: +86-1582177 1823
Web: www.cnygdomain.com
**************************************

I duly received the application form, and to say that the prices are staggering is putting it rather mildly.  The form sent is reproduced here for the sake of completeness.

chinese domain scam 1

To put this into perspective, I checked how much it would cost for me to register 'sound-au.cn' with GoDaddy - US$10.33 for the first year, and US$14.77 per year thereafter.  In order to register a Chinese domain name (.cn), one must provide proof of residency - in ChinaICANN (Internet Corporation for Assigned Names and Numbers) will not allow me (for example) to register Chinese domain names unless I can provide the required documentation, and it's fairly safe to say that if I were stupid enough to send the full US$1,775 for 5 year registrations of each listed item, I would simply lose the money.

chinese domain scam 2

I have included the second page simply because it was part of the form.  It's not even mildly interesting, and it's also worth noting that 'cnygdomain.cn' actually exists.  However, the domain from which the email(s) were sent is 'cnygdomain-ltd.net.cn' - which does not exist.  I can't speak for the authenticity, professionalism or integrity of the real version, but since the emails from 'Mike Zhang' came from a different (non-existent) domain, I'd probably be wise to avoid his emails, as would anyone else.  The email address was 'spoofed' to make it appear to have come from 'cnygdomain.cn', but the 'reply-to' address was at the 'real' URL - this should be enough to make anyone suspicious.

Performing a search for any domain name on the 'real' site simply shows a 'progress bar' that endlessly pretends to be doing something.  For what it's worth, I own the domain name 'sound-au.asia', (not from 'cnygdomain' of course) but it's currently parked and doesn't do anything useful - other than prevent Chinese scammers from offering it to me at an inflated price of course. 

14 - 'Shipping Account Overdue' Scam

The first of these almost looked like it was accidental.  The email itself wasn't full of the usual grammatical errors and bad spelling we associate with scams, but it came with an attachment!  That's a warning, especially when it's a Microsoft spreadsheet ('Statement of Account as of Jan_27_2021.xlsm').  These can be (and are) capable of including program instructions (macros) that come bearing 'gifts', but not of the good kind.

The two malware emails I received were both purportedly from 'MSC', but they can easily be from any (alleged) organisation from which one might expect to receive an invoice.  The target is usually another organisation where emails will be dealt with by office staff, who may not be aware that the email is a fraud.  The criminals count on this - however they don't really care who opens their email, as all they want to do is compromise as many computers as possible.

To: recipient address
Subject: Ocean Freight Payment Notice Of 02_01_2021
Date: Mon, 1 Feb 2021 20:36:22 +0400
From: Credit and Collections Dept 

Dear Valued Customer,

Please find attached statement of your account including all current, past due and credit balances.
Kindly note, this statement may not reflect payments submitted in the last 48 hours.

        Current:                        $0.00
        1-30 days overdue:              $1,820.00
        31-60 days overdue:             $0.00
        61-90 days overdue:             $0.00
        91-180 days overdue:            $0.00
        Over 180 days overdue:  $0.00

Total Overdue: $1,820.00

Available Credits from Overpayments: $0.00

Please remit payment at your earliest convenience.

For wire transfers use: Your remittance advice shall be emailed to us062-Achpaymentsnewyork@msc.com and should include payer name, 
full amount of the wire and break-down allocation of the payment by invoice/bill of lading number.

Best Regards,

Credit and Collections Dept
MSC MEDITERRANEAN SHIPPING COMPANY (USA) INC.

The MSC email virus results in a malware infection which conducts a series of malevolent activities in the background and wreaks havoc on the PC.  This nasty trojan virus is spread through a malspam campaign in which thousands of fake emails are sent by cyber-criminals that are presented as official, urgent or important letters from some well-known companies.  These mails usually contain a malware 'loader' within a spreadsheet file.  The aim of the criminals is to deceive recipients into downloading and opening the file that eventually leads to the installation of 'Dridex'.  Such mails are generally disguised as a letter from MSC (Mediterranean Shipping Company).  However, the actual MSC company has no relation with this scheme.

No-one should ever open an attachment unless 100% certain of its authenticity.  Your 'office' software should be configured to not allow macros by default, and it pretty much goes without saying that any unsolicited email or mail from a company that you've never dealt with should always be viewed with the greatest suspicion.  This particular piece of nastiness was easily detected in my case, but many larger organisations will employ semi-skilled personnel in secretarial roles, and they will often be unaware that the email is a complete fraud.  Naturally, the criminals behind such scams rely on exactly that!

HomeMain Index HomeSpam, Scam & Security Index HomeMain Scam Index
Copyright Notice. This article, including but not limited to all text and diagrams, may be freely distributed in the interests of helping to prevent fraud, scams and spam. Please include a link to this page if you use the info elsewhere.  Note that the ESP® logo is the registered trade mark of Elliott Sound Products, and may not be reproduced without permission from Rod Elliott.
Page created and copyright © 29 September 2019./ Updated Feb 2021 - MSC scam.