The namecheap.com “You are a winner!” scam

posted: June 4, 2022

tl;dr: Why cybercriminals love NameCheap and ICANN...

A relative of mine sent out an email warning others not to fall for an email scam that is especially prevalent right now: “They claim ‘you are a winner’ and all they ask for is your credit card information to cover a nominal handling charge. The first was from Home Depot for a Makita electric drill and this one is from ‘Walmart’ for a Dyson vac. Of course, the tipoff is the email address of the sender. I always check that out on unsolicited emails. This one is definitely not from Walmart or any other legitimate corporation. If it’s ‘too good to be true’ it usually is.”

I’ve seen these scam emails too. I immediately delete them since, as my relative points out, they fail the first step of any communication: establish the identity of the party with whom you are communicating. But I’m sure enough people fall for them to make them profitable for the criminals running the scam. Gee, I wonder what they are actually going to do with the credit card numbers they collect? This is one way that state-sponsored cybercriminals in North Korea and other rogue states raise foreign currency, by stealing dollars from U.S. citizens via credit card scams. That's almost certainly what is going on here.

I pursued the information in my relative’s email a bit further. It included an image (copied here) with an embedded link that went to a site with the domain name of "buildwork.club".

A fake announcement claiming to be from Walmart, congratulating the recipient for winning one of three Dyson upright vacuums pictured on a podium

Image from a scam email that takes the user to a scam website

A quick “whois” yielded information that was no surprise to me: that domain name is registered by NameCheap, the sleaziest domain registrar on the Internet. I've run across them before with another scam that they enable, which I call the "newsletter@namecheap.com" email spam scam. The domain owner claims to be in Reykjavik, Iceland, but that could be a lie or a front for scam artists located anywhere in the world.

Domain name: buildwork.club
Registry Domain ID: DEDA139CD05134A8E8158DFD993ED3149-NSR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-01-17T15:59:57.46Z
Creation Date: 2021-01-17T15:28:00.30Z
Registrar Registration Expiration Date: 2023-01-17T15:28:00.30Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
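
The WHOIS check described above can be scripted when there are many such emails to triage. The following is an added example, not part of the original post and not the complaint-filing program mentioned below. The function names `parse_whois`, `parse_ts` and `triage` are hypothetical, and the "seen on" date is assumed to be this post's date.

```python
from datetime import datetime, timezone

# Subset of the WHOIS record quoted above, copied verbatim.
WHOIS_TEXT = """\
Domain name: buildwork.club
Registrar WHOIS Server: whois.namecheap.com
Updated Date: 2022-01-17T15:59:57.46Z
Creation Date: 2021-01-17T15:28:00.30Z
Registrar Registration Expiration Date: 2023-01-17T15:28:00.30Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Country: IS
"""

def parse_whois(text):
    """Split 'Key: value' lines; keys can repeat, so values are lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, URLs survive
        if sep:
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def parse_ts(value):
    # Fractional seconds vary in length ("57.46Z"), so drop them before parsing.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def triage(text, seen_on):
    """Pull out the fields needed for an abuse report and a quick risk read."""
    rec = parse_whois(text)
    first = lambda k: (rec.get(k) or [""])[0]
    created = parse_ts(first("creation date"))
    expires = parse_ts(first("registrar registration expiration date"))
    who = (first("registrant name") + " " + first("registrant organization")).lower()
    return {
        "domain": first("domain name"),
        "registrar": first("registrar"),
        "abuse_email": first("registrar abuse contact email"),
        "age_days": (seen_on - created).days,
        "days_to_expiry": (expires - seen_on).days,
        "registrant_hidden": "privacy" in who or "redacted" in who,
    }
```

Run against this record with a seen-on date of June 4, 2022, the domain comes out more than a year old, so a filter that only flags newly registered domains would not have caught it; the hidden registrant and the mismatch with the claimed sender are the usable signals here.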

NameCheap’s business model is to sell domain names to criminals and scam artists, without asking too many questions. Once they have a domain name and an internet presence, the scammers are able to spew misinformation, commit fraud, and steal money. I have filed many complaints with NameCheap about domains they have sold to scammers (I wrote a program to do so), and of course they’ve taken no action.

Is there any way to get NameCheap booted off the Internet? The U.S. government is leaning on social media companies like Facebook and Twitter to remove posts and accounts that they don't like, claiming they are spreading misinformation, but I don’t see them doing anything about NameCheap. In fact, the U.S. government gave up its ability to do so in 2016 when the Department of Commerce gave up control of ICANN, the Internet Corporation for Assigned Names and Numbers. ICANN determines who gets to assign domain names. ICANN is now yet another global organization, like the United Nations, World Health Organization, International Monetary Fund, etc., with important worldwide powers and no accountability to voters in any country.

Why did the U.S. government give up control of ICANN? Belief in American exceptionalism is fading in this country. Who are we in the U.S. to exert our privilege and determine who can be on the Internet? So we turned ICANN over to the “global community”. What has happened since? Cybercrime is flourishing, and the Internet itself is balkanizing, as various countries erect firewalls and other barriers to the free flow of information. Even in the U.S. our government is taking more steps to censor and control Internet content.

In the physical world, the U.S. government can stop thieves at the border. We can stop them physically from entering our houses. But cyber criminals can come right onto your computer and email inbox via the Internet. Since NameCheap won’t stop selling domains to criminals, and ICANN won’t stop NameCheap, it is up to Internet users to protect themselves.

All the smart thieves have shifted to online crime. Only the dumb ones still commit physical crimes.

Related post: The newsletter@namecheap.com email spam scam