New scam hits the market: domain names are wanted in China

Today I opened an e-mail titled Regarding“ cyberwarzone”Brand. CWZ CYBERWARZONE is an registered company in The Netherlands so I thought it was an serious e-mail. I opened the e-mail and the following message was presented in the e-mail.

---

 Letter to the President or Brand Owner, thanks)
 Dear President,
We are the department of Asian Domain Registration Service in China. Here I have something to confirm with you. We formally received an application on July 31 2012 that a company claimed Masier Industrial Co. Ltd were applying to register "cyberwarzone" as their Net Brand and some domain names through our firm.
Now we are handling this registration, and after our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we would finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we could handle this issue better. After the deadline we will unconditionally finish the registration for Masier Industrial Co. Ltd.Looking forward to your prompt reply.
Best Regards,
Ashin Yang
Registration Dept.
Tel: +0086-28-8591-5586 || Fax: +0086-28-8591-2116
Address:8/F XiYu building No,52 JinDun Road,QingYang District,Chengdu City,China.

---

I first wanted to respond to the message, saying that what happends in China has no relationships with the CWZ CYBERWARZONE company in The Netherlands, but I did an simple search on Google.
So I went to the google website and I copied the following line from the e-mail:

"We are the department of Asian Domain Registration Service in China. Here I have something to confirm with you. "

The search query had done it's work. Within a milisecond the page provided multiple links having the copied text in them. This mostly happends to e-mails that are not trusted. One of the link included an link to the ESET website - discussing this type of threats.

ESET WROTE

How does the actual scam work? By abusing the trust of the recipient. If I were to reply to the above message, “Richard Zhang” of the “Asian Domain Registration Service” (or whomever in the organization behind the scam is monitoring the mailbox) would notify me that unless I register my domain names with them for a fee, they will be given to the other party. I might even have to participate in a fake bidding war against the imaginary company trying to register my domain names. If I ask for the contact information for the company trying to register my domains, I will be told it cannot be given out “for privacy reasons.” And, of course, since it is a fictitious company name, I will not be able to find it by searching on it.

 

All in all, it’s a simple way for a scammer to take someone’s money: They don’t have to write any malicious software, hack into any systems or have any technical expertise beyond running a real domain registration business. They simply use social engineering techniques to trick you into registering domains with them that you do not need, do not use and no one else is buying, either.