Help Us Shape The Internet's Future

Registrar Impersonation in Phishing Attacks

26 August 2008

Host: Dave Piscitello, Security and Stability Advisory Committee

Audio: [English], [Français], [Español] (stream server)

Presentation: SSAC Presentation on Registrar Impersonation in Phishing Attacks (PDF, 120K)

Video of the Adobe Connect Session:

(The audio file and the Adobe Connect video presentation have been edited to be synchronous. Please make sure you start both at the same time to follow the presentation in real time.)

Description: What is Registrar Impersonation in Phishing Attacks?


The attacker impersonates a domain name registrar and sends an expected or anticipated correspondence to a registrar’s customer (a registrant) regarding a domain name related matter. Examples of expected correspondence include a notice of pending expiration of a domain name registration, a promotional email, a notice informing the registrant of an account management issue, or generally, any correspondence that requires or encourages a customer’s immediate attention. The correspondence, however, is bogus. The phisher creates a web site that is deceptively similar to the registrar’s site to induce the customer into accessing his domain management account and unwittingly disclose his account credentials to the phisher. The phisher will use the customer’s captured credentials to access the customer’s domain name portfolio, alter DNS information of domain name(s) in that account and use the domains to abet additional attacks.