Recently my uncle received the following email (I’ve redacted some things and highlighted some):

This is the classic phishing email: it contains some truths, but ultimately lots of conflicting information.

A couple of things to look at:

  1. Originating email – du@totas.org.cn – at first glance it seems pretty legit, but when doing a Google search on it, or even attempting to go there, it goes nowhere.
  2. Content – written in broken English, the email attempts to play good cop by telling the user that another party has been attempting to register a domain name that is similar to the one we currently have. As you know, most domain registrations are unrestricted and allow anyone to register whatever they want, so this sort of ploy runs counter to what we know.
  3. Footer – in order to look more authentic, the phisher decided to include a real company, or, on further investigation, a company that seems to do domain name registrations. There are a couple of issues with this one. The originating email and the footer have different domain names: flag 1. They use a .org to have a semblance of authenticity, but most orgs usually don't try to outright sell services. If there was some sort of governing body over domain names, I would have expected a .gov.
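The sender/footer mismatch from item 3 can be checked mechanically. The following is an added example, not part of the original post: it parses a message, takes the domain of the From address, and lists any domains in the body that are unrelated to it. The message text and the footer domain `registrar-example.org` are constructed placeholders; only the sender address comes from the email above.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample. Only the sender address comes from the post;
# "registrar-example.org" is a placeholder for the redacted footer domain.
SAMPLE = """\
From: Du <du@totas.org.cn>
To: owner@example.com
Subject: Domain name registration notice

Dear Manager,
Another company is applying to register your brand as domain name.

Best regards,
Du
Registrar Example Center
Web: http://www.registrar-example.org
Email: service@registrar-example.org
"""

# Hostnames that appear after "http(s)://" or after "@" in the body text.
DOMAIN_RE = re.compile(r"(?:https?://|@)([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def same_site(a, b):
    """True if one host equals, or is a subdomain of, the other.
    Approximation: a strict check would compare registrable domains
    using the Public Suffix List."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def footer_mismatches(raw):
    """Return (sender_domain, sorted body domains unrelated to the sender)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    text = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    found = {d.lower() for d in DOMAIN_RE.findall(text)}
    return sender, sorted(d for d in found if not same_site(d, sender))

if __name__ == "__main__":
    sender, unrelated = footer_mismatches(SAMPLE)
    print("sender domain:", sender)
    for d in unrelated:
        print("flag: body references unrelated domain", d)
```

A mismatch is a signal to look closer rather than proof of phishing, since legitimate mail often links to third-party domains.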