Malicious phishing emails in circulation

Hamburg, 05.11.2015


Currently, many domain owners are receiving fake mails informing them about an alleged blocking of their domain due to misuse. The mails look genuine because

  • deLink or other, actually existing registrars are indicated as the sender.
  • the email address of the recipient is correct
  • the personal form of address is correct
  • the domain really belongs to the recipient

The data has apparently been tapped from the public Whois information of the domain. The text of the mail reads something like

Dear Hans Mustermann,

The Domain Name have been suspended for violation of the deLink GmbH Abuse Policy.

Multiple warnings were sent by deLink GmbH Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

These mails are FALSE.

If you click on the link provided, you are most likely downloading a Trojan onto your device. If you are in doubt, please forward the mail to us, we will investigate it and give you feedback.