eNom Phishing Scam
Phishing scam. This was sent to one of my accounts I don't even use with eNom (first sign).
------------------------------------
Dear eNom Customer,
Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable:
* Main site
* All web hosting services
* Email services
* Communication with the registry affecting new registrations, renewals, and transfers
For access your account follow this link - http://www.enom.com [phishing link here]
The following services will not be affected and will continue to be fully operational:
* DNS will resolve normally - although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period
* Email forwarding and site redirection will operate normally
We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience.
Sincerely,
eNom Tech Support
---------------------------------------------------------------
Return-path:
Envelope-to: xxxxxxx@xxxxxxxxxxxx.xxxxx
Delivery-date: Mon, 27 Oct 2008 16:25:23 -0500
Received: from 189.58.225.30.adsl.gvt.net.br ([189.58.225.30])
by cpanel63.gzo.com with esmtp (Exim 4.69)
(envelope-from )
id 1KuZaP-0004OI-MP
for xxxxxxxx@xxxxxxxxx.xxxxx; Mon, 27 Oct 2008 16:25:23 -0500
Received: from [189.58.225.30] by efilter1.triatech.se; Mon, 27 Oct 2008 18:25:16 -0300
From: "eNom Team"
To:
Date: Mon, 27 Oct 2008 18:25:16 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C93861.5C28A300"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6QPRJOIM21S00MMX0PMHGGS70G1==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2905
Message-ID: <01c93861$5c28a300$1ee13abd@andqbrky>
X-Spam-Status: Yes, score=20.8
X-Spam-Score: 208
X-Spam-Bar: ++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "sa02.gzo.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear eNom Customer, Starting at 1 AM PT on Saturday, November
1st, 2008 until 4 AM PT, we will be conducting maintenance on our database
and datacenter resulting in the following sites and services being unavailable:
[...]
Content analysis details: (20.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[189.58.225.30 listed in zen.spamhaus.org]
0.0 URIBL_RED Contains an URL listed in the URIBL redlist
[URIs: enom.com]
0.2 URIBL_GREY Contains an URL listed in the URIBL greylist
[URIs: enom.com]
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: enom.com]
4.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
2)
4.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
IP)
1.6 TVD_RCVD_IP TVD_RCVD_IP
2.6 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
0.9 XMAILER_MIMEOLE_OL_015D5 XMAILER_MIMEOLE_OL_015D5
X-Spam-Flag: YES
Subject: ***SPAM*** Maintenance at eNom.com - warning!
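The relay checks that the spam report above scores (a numeric relay name, and the sending IP embedded in a dynamic-looking hostname) can be approximated over the two Received lines of this message. This is an added example, not part of the original post and not SpamAssassin's own rule code; the keyword list and the function names analyze and embeds_ip are assumptions.

```python
import re
from email import message_from_string

# Received lines taken from the headers above, abridged (envelope/recipient fields dropped).
SAMPLE = (
    "Received: from 189.58.225.30.adsl.gvt.net.br ([189.58.225.30])\n"
    "\tby cpanel63.gzo.com with esmtp (Exim 4.69)\n"
    "\tid 1KuZaP-0004OI-MP; Mon, 27 Oct 2008 16:25:23 -0500\n"
    "Received: from [189.58.225.30] by efilter1.triatech.se;"
    " Mon, 27 Oct 2008 18:25:16 -0300\n"
    "\n"
)

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOP_RE = re.compile(
    rf"from\s+\[?([\w.\-]+)\]?(?:\s+\(\[({IPV4})\]\))?\s+by\s+([\w.\-]+)")
# Assumed keyword list for consumer access pools; not SpamAssassin's own patterns.
DYNAMIC_RE = re.compile(
    r"(?:^|[.\-])(?:adsl|dsl|dyn|dial|pool|ppp|dhcp|cable)(?![a-z])", re.I)

def embeds_ip(name, ip):
    """True if all four octets of ip appear in name, forward or reversed."""
    octets = ip.split(".")
    for seq in (octets, octets[::-1]):
        if re.search(r"(?<!\d)" + r"[.\-]".join(seq) + r"(?!\d)", name):
            return True
    return False

def analyze(raw):
    """Return one finding dict per Received hop, newest first."""
    findings = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue
        name, ip, by = m.groups()
        numeric = re.fullmatch(IPV4, name) is not None
        ip = ip or (name if numeric else None)
        findings.append({
            "by": by, "name": name, "ip": ip,
            "numeric_name": numeric,
            "ip_in_name": bool(ip) and not numeric and embeds_ip(name, ip),
            "dynamic_keyword": bool(DYNAMIC_RE.search(name)),
        })
    return findings

if __name__ == "__main__":
    for hop in analyze(SAMPLE):
        print(hop)
```

Both hops resolve to the same ADSL address, which is the signal a mail filter or an analyst triaging a reported message would key on before looking at the body.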

Another variant:
Dear user,
On Tue, 28 Oct 2008 17:18:33 -0300 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.
The contact information for the domain which displayed in the Whois database was indeed invalid. On Tue, 28 Oct 2008 17:18:33 -0300 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.
PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com
If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:
Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260
LINK TO CHANGE INFORMATION - http://www.enom.com
Thank you,
Domain Services
[IncidentID:39983]