Russan E-Mail Scam

There has been an inordinate amount of e-mails coming to individuals not only on the coast, but all over the United States. These e-mails say they are coming from your Internet registrar (even if you don't have a website or a registered domain) and they are asking you to update your information. This is criminal Internet activity and it should be stopped!

An e-mail that looks like it comes from the registrar, for example, Network Solutions looks legitimate in every way on the face. But in actuality, it is a clever way to trick individuals into giving up their financial data, and login information.

Unthinking people will click on a link that takes them to a ghost site that looks exactly like the registrar's website and login with their user ID and password. What happens, is at that point you have given the keys to your home or your business (or your bank account) to some unscrupulous criminal that will log in and get your information and possibly spoof your website by redirecting it to their website it looks like yours. Or they'll just destroy your website and take it off-line and altogether.

I received an e-mail from network solutions, my registrar commenting on, and pointing out that this phishing scam exists, and is a real threat to security. (Not that I didn't already know it). I've also received a fake e-mail (yes the e-mail in question) from one of these Internet criminals.

This is the e-mail I received from Network Solutions. It explains the scam and points out some of the security measures that can be taken just in case you were duped into clicking on a link and exposing yourself to these phishing freaks.

Dear Valued Network Solutions Customer:

We've recently become aware of a phishing scam targeting domain name customers of a small number of registrars including Network Solutions.we wanted to alert you of this situation. Phishing is the practice of luring unsuspecting Internet users to a fake website using authentic looking e-mail in an attempt to steal passwords, account information, or other sensitive data.

At this time, we know that fraudulent e-mails are being sent to some domain name customers, regardless of who the registrar of record is, which include links to sites that look like network or other domain provider sites; however, they are fake websites. These e-mails are attempting to capture login information. For more information and tips on identifying phishing scams, please visit our blog at

If you believe you have received an e-mail of this type, have clicked on the link, and provided your login information, we recommend the following for security purposes:

  1. Login to Your Account from the Network Solutions Website.
  2. Review your account information for accuracy
  3. Choose a New Password and Security Question and Answer
  4. Change Your Password

Thank You for Your Attention

Network Solutions Customer Support

Network solutions privacy policy:

Network Solutions Service Agreement:

I have included links to Network Solutions service agreement, and their privacy policy. They are a stellar organization with excellent employees and customer service.

What follows is some source code from an e-mail I received this morning attempting to do me in. It is a weak attempt, but looks convincing. What you see following is the e-mail itself.

Fake E-Mail Follows

Dear Network Solutions® Customer,

On Thu, 30 Oct 2008 21:24:57 -0400 we received a third party complaint of invalid domain contact information in the Whois database for this domain.

Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

Log in to Account Manager at: Click on the "Profile & Accounts" tab in the left navigation menu to be taken to a page listing your account details. Click on "Accounts" and select the account you wish to edit. Click "View/Edit WHOIS Contacts" to make your updates. If you believe someone requested this change without your consent, please contact Customer Service. If you would like to order additional services or to update your account, please visit us online.

Thank you for choosing Network Solutions.

We are committed to providing you with the solutions, services, and support to help you succeed online.


Network Solutions® Customer Support

The above is an example of a fake e-mail representing itself as A Network Solutions communiqué to a legitimate customer.. In Fact, the e-mail is from the Russian Federation.  And the link to network solutions does not take you there! (I've italicized  and made the text red... in addition I have disabled the link )  It looks pretty good. Don't Be Duped

The image that follows, is some of the source code from the message above showing the BOGUS link.


What is that behind ? .sys78.bIz That is the domain that is trying to steal your Information.  It took about 30 seconds to find out who they are. I posted whois information and it follows:

Domain Name: SYS78.BIZ
Domain ID: D27947079-BIZ
Sponsoring Registrar IANA ID:        82
Domain Status:   clientHold
Domain Status:      clientTransferProhibited
Registrant ID:     OLNI_175394_0_5
Registrant Name: Shestakov Yuriy
Registrant Organization:  Shestakov Yuriy
Registrant Address1:    Lenina 21 16
Registrant City:      Mirniy
Registrant State/Province:      MSK
Registrant Postal Code:   102422
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number:     +7.9218839910
Registrant Facsimile Number: +7.9218839910
Registrant Email:  *********
Administrative Contact ID: OLNI_175394_1_5
Administrative Contact Name:           Shestakov Yuriy
Administrative Contact Organization:Shestakov Yuriy
Administrative Contact Address1:      Lenina 21 16
Administrative Contact City:      Mirniy
Administrative Contact State/Province: MSK
Administrative Contact Postal Code: 102422
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number:      +7.9218839910
Administrative Contact Facsimile Number: +7.9218839910
Administrative Contact Email: *********
Billing Contact ID: OLNI_175394_3_5
Billing Contact Name: Shestakov Yuriy
Billing Contact Organization: Shestakov Yuriy
Billing Contact Address1: Lenina 21 16
Billing Contact City: Mirniy
Billing Contact State/Province: MSK
Billing Contact Postal Code: 102422
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.9218839910
Billing Contact Facsimile Number: +7.9218839910
Billing Contact Email: *********
Technical Contact ID: OLNI_175394_2_5
Technical Contact Name: Shestakov Yuriy
Technical Contact Organization: Shestakov Yuriy
Technical Contact Address1: Lenina 21 16
Technical Contact City: Mirniy
Technical Contact State/Province: MSK
Technical Contact Postal Code: 102422
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.9218839910
Technical Contact Facsimile Number: +7.9218839910
Technical Contact Email: *********

Last Updated by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Domain Registration Date: Thu Oct 30 18:20:39 GMT 2008
Domain Expiration Date: Thu Oct 29 23:59:59 GMT 2009
Domain Last Updated Date: Fri Oct 31 05:08:53 GMT 2008

What this tells us is that Yuriy Shestakov is an international criminal. He registered this domain October 30, 2008, only for one year, and next year he'll register another.  Within only a few days he was set up to conduct espionage against American citizens,  And other unsuspecting persons  worldwide. Yuriy Shestakov wants to steal our identities. And there's nothing we can do about it.   Because American laws have no effect in the "Russian Federation".

As long as our government allows this type of activity to continue, we'll have to tolerate it whether we like it or not.

I googled this young Russian soccer player....  and discovered this is not the first website he's used to try to steal our money and our identities.

If you wish to write a letter to Yuriy, his address is above in plain black and white. You can even call +7.9218839910 if you wish to place your objections to him personally, and tell him to stop trying to rip us off. I noticed that his e-mail address has been obfuscated so we can't send him an e-mail....But his DNS SOA record shows his domain's admin e-mail is hostmaster@neustar.bIz.

Yuriy Shestakov is a user of America Online, a lowlife scumbag criminal from the Russian Federation. Unfortunately, America Online will sell an account to anyone... even an alleged international criminal.

Don't fall prey to this type of scam. If you don't recognize the person that is e-mailing you, delete the message and move on with your life.

This article is an expression of my First Amendment Rights as expressed in the US Constitution . It is my own opinion and reflects some of my views regarding SPAM..

««« Previous... The Hitchhikers Guide to the Internet | Top of Page | Next... About Luna »»»