TBayIT - Web Design / Development, Web Hosting, Content Management Systems

TBayIT Blog

TBayIT - Web Design / Development, Web Hosting, Content Management Systems

Beware of CIRA Phishing Scams

Posted on April 18, 2011

On April 13, 2011 CIRA sent out a warning that fraudsters are targetting .ca domain name owners. If you receive a message from CIRA telling you your domain has expired and to pay to renew it – you probably received the phishing email.

Here are some warning signs and ways to protect yourself:

CIRA doesn’t typically remind domain owners to renew their domain nor takes direct payment. If you own a .ca domain it would be registered with another company like GoDaddy.com, NamesPro.ca, NetFirms.ca that would send out reminders.

Don’t click links in emails! Open your browser (preferably Chrome or Firefox), go directly to the website and login from there. This simple rule will protect you from the majority of phishing attacks.

Check your domain expiration date first by going to www.cira.ca and clicking on Whois on the top right corner. This will tell you when your domain actually expires.

Turn on Domain Privacy. Most registrars support this feature and will hide your email address and personal information. If TBayIT manages your domain, please contact us for details.

This phishing emails may have the subject line “domain.ca has expired” and state something similar to this:

This is your last chance to renew your domain name(s)!You must renew by April. 20, 2011 or the domains listed below will be cancelled.
RENEW NOW: http://www.cira.ca@25119454.info/CIRA%20-%20Canadian%20Internet%20Registration%20Authority%20-%20Home.php?dom=

If you look closely at the link, although it has cira.ca in it actually lands at 25119454.info which is not CIRA (and is currently suspended).

The CIRA warning email states:

The Canadian Internet Registration Authority (CIRA) has received reports of a phishing scam, using images from the CIRA website, which is designed to collect personal information, including credit card numbers.

This is a targeted phishing attack. CIRA wishes to advise you that CIRA does not ask for credit card information, as all registrations are performed through .CA certified Registrars. If you have provided your credit card information to this site, we strongly advise that you contact your credit card company or bank immediately.

I have seen a ton of similar scams over the years, including semi-legal ones from the “Domain Name Registry of Canada” that I wrote about previously where they send out letters that look like invoices which can easily fool someone into transferring their domain at a premium cost.

Leave a Reply

Blog & Social




Some of the technologies we utilize
Some of the web technologies used at TBayIT