On 12/22/2008 04:15 AM, Gen Kanai:

> On Dec 22, 2008, at 9:49 AM, Eddy Nigg wrote:
>
>> On 12/22/2008 02:09 AM, Eddy Nigg:
>>> Has anybody an idea how to prevent those spam and scam attempts? I
>>> already contacted Godaddy with an abuse complaint. What else?
>>
>> Apparently this site is connected to Comodo. I went all the way and
>> paid for a certificate in order to find out who is responsible for
>> this scam. I'm contacting the reps from Comodo, contacted Paypal which
>> they also use for payment processing, Entrust which issued their site
>> certificate, Godaddy which sold the domain.
>
> Eddy,
>
> Can you provide us a little more background here as to what you just
> experienced?


I received today the email which I forwarded to the list. Apparently they operate a robot scanning for secured sites and send a "reminder" message prior to expiration of the certificate, pretending and resembling our own messages which we send out to our own legitimate users and customers.

The email is clearly an attempt to trick our customers and those of others into believing that they have to renew their certificate (which I received exactly 10 days before expiration of the installed certificate) and by clicking on the link. The name certstart.com resembles that of our own sites cert.startcom.org and startssl.com.

Once using the link, the site lists the domain name and further pretends to renew the SSL certificate for domain startcom.org.

I tried to find out who is behind this scam, but nowhere is the CA listed. The site itself is secured by an Equifax certificate. So I went all the way through, registered * and ordered one of their certs for our domain, paid via Paypal and received a shiny certificate for 45 US$ from Comodo. I retained all evidence of the emails, screenshots, Paypal payments, certificates, etc.

I contacted all parties involved including my contact at Comodo. I also had contact with the operator of this site himself and requested immediate cessation of all activities including the web site itself.


* During "Renewal" the site requests "New username", further giving the impression that one already had a username previously.


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [email protected]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
