SECURITY: Potential SCAM from Domain Name Services (www.fns.org)

If you are receiving snail mail from Domain Name Services (www.fns.org), to renew your domain name, you could be potentially receiving a SCAM notice known as domain slamming¹, to deceive registrants to switch domain services². The notice contains the domain name that is set to expire at a given time, an amount to pay, and a balance of timeframe of the renewal. If you are familiar with reserving domain names, the common registrars include GoDaddy, NameCheap, Squarespace, and many others³. They provide direct notifications to your email and I've never heard of any of them contacting anyone through snail mail. Receiving a notification via snail mail seemed odd, since these registrars notify their customers through email.

I go over some cyber security tools used to detect threat vectors along with simple steps to avoid potential issues, and provide consolidated research about the company. This is in no way exhaustive, but will be helpful in determining what is right for you or your organization.

Doing a VirusTotal scan reveals that Fortinet (ADMINUSLabs) flags the website for phishing and that the registrar is BRANDON GRAY INTERNET SERVICES INC. (dba "NameJuice.com").⁴ Doing a VirusTotal scan of NameJuice.com results with Gridinsoft (Forcepoint Threatseeker) also flagging the site for phishing.⁵

Since these cybersecurity tools are automated, the results that they come up with could also be a false positive. However, make note that several cybersecurity tools have flagged them for being suspicious.

Doing a business search in the New York business database provided "0" results, with the only result showing, "Global Domain Name Service, Inc", with DOS ID 2378348, initially filed on 5/14/1999 and dissolved 6/25/2003 ⁶:

Domain Name Services
2316 Delaware Ave, Suite #306
Buffalo,NY 14216

The acronym "FNS" is also associated with the Food and Nutrition Services. Recipients can receive legitimate text messages from them. Per the official organization's announcement, recipients should exercise precautions to avoid scams by looking out for⁷...

"Both DSS and NCDHHS have also shared recommendations for avoiding scams. According to officials, legitimate texts from organizations like Food and Nutrition Services (FNS) do not include a website link that requires users to click. Ignore messages asking for sensitive information, such as EBT card details or PINs, which are common signs of phishing attempts."  

For the most part, the document looks and feels legit, down to the envelope, paper type, paper thickness, and overall design of the document. Unsuspecting individuals not familiar with managing domain names would have a likelihood of submitting a check, scanning the qrcode, or paying through their online interface that would potentially have negative consequences.

To be fair, Brandon Gray Internet Services, Inc is a registered domain name registrar based in Markham, Ontario, Canada competing with the larger registrar companies. However, In December 23, 2003, the Federal Trade Commission (FTC) accused they allegedly use notices/invoices that mislead consumers into renewing their registration and fails to disclose a processing fee.¹ In 2014, The Internet Corporation of Assigned Names and Numbers (ICANN) sent a breach of registrar accreditation for being noncompliant⁸.

In any regard, playing it safe is often the best action to take. Here are some great tips to reduce risk:

• If you receive these types of notifications:
  • Carefully read the document(s) and to double check with your administrator or someone familiar with the matter.
  • DO NOT SCAN THE QRCODE or visit the suggested site.
  • If viewing from a browser (desktop only), you can check the link by right clicking with your mouse, and choose inspect element; the html element attribute will be labeled with href="www.some-link.com".
• If you accidentally visit a site flagged for phishing⁹:
  • Check running process on your device (pc):
    • Linux, Mac: htop
    • Windows: Taskmanager
  • Disconnect from the internet immediately.
  • Clear browser cache.

While these actions are not full proof, they do provide several attempts to, at a minimum, reduce the likelihood of encountering issues. Being cautious is always a good measure to practice.

This blog post in no way tries to implicate Domain Name Services (Brandon Gray Internet Services, Inc.) but instead provides suggestions by exercising caution after the snail mail was brought to my attention. If you have experience with Domain Name Services (www.fns.org), please share your insights.

REFERENCES

1. Wikipedia: Brandon Gray Internet Services, Inc ↩ ↩²

2. Wikipedia: Domain Slamming ↩

3. Considering the limited options for search to not, by default, use AI, the initial search query, using AI, provided a summary of the search, "fns.org scam?". The proceeding references includes the direct links of the query. ↩

4. Virus Total official results for www.fns.org, for more info visit gridinsoft flags fns.org for being fraudulent ↩

5. Virus Total official results for NameJuice.com ↩

6. NY business search ↩

7. Confused about the acronym "FNS"? Read the article by WCNC for more detals: Yes, text messages from NCDHHS about FNS are real. What you should know ↩

8. ICANN official notice of noncompliance to Brandon Gray Internet Services ↩

9. "clean up your computer after visiting a website flagged for fishing" AI search ↩