This is the message I had from WordPress. I have redacted some of the information and sent the hacker an email. The original WordPress message can be seen at the bottom of the screenshot.
Fw:  Failed WordPress login attempt by IP 188.8.131.52
From: xxxxxx@xxxxxxxxxxxxx Tue 08/06/2021 11:37
I have just done an IP Address Look UP
IP Address Location Information for 184.108.40.206
SCROLL TO READ NOTIFICATION FROM WORDPRESS
Postal Code: 5403
Time Zone: +06:00
Host Info for 220.127.116.11
ASN: 135115
ISP: Wims Online
Host Name: 18.104.22.168
Domain: wimsbd.com
Proxy Check Info for 22.214.171.124
And am wondering why you are attempting to hack www.disabledentrepreneur.uk ??????????????????????🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬 IF YOU PLAY WITH FIRE, YOU WILL GET BURNT!🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
From: email@example.com <firstname.lastname@example.org>
Sent: 08 June 2021 10:48
To: xxxxxxxx@xxxxxxxxxxxxxxxx
Subject:  Failed WordPress login attempt by IP 126.96.36.199
12 failed login attempts (3 lockout(s)) from IP 188.8.131.52
Last user attempted: xxxxxxxxxxxx
IP was blocked for 20 minutes
This notification was sent automatically via Limit Login Attempts Reloaded Plugin. This is installed on your disabledentrepreneur.uk WordPress site. Please login to your WordPress dashboard to view more info.
Under Attack? Try our advanced protection. Have Questions? Visit our help section.
I have never thought too much about it until one of my clients forwarded me an email he had received from a person supposedly trying to steal my business. I had to look twice and realised that the entity was actually referring to an old domain my client had until it was stolen and cybersquatted.
You can read the whole three-part cybersquatting incident here:
Furthermore, the domain supposedly changed hands in July of this year, but my client is still getting emails. This tells me the same entity is still using the domain name and still has my client’s data. Had the domain really gone to a third party, they would not have had access to my client’s data or email address. The email my client received today was sent to his Gmail address, not his company email, so how would the new owner know about my client’s Gmail address unless they were one and the same entity?
When you open or reply to such emails, two things can happen: either they are malware-infected and the malware embeds itself on your computer, or you get lots of spam messages and the sender is then able to use your email address to spam other people.
Another way cyber criminals work is by using undisclosed email addresses; this way they can send bulk emails. An undisclosed email may be used if you have previously had an email subscription and your email address has been leaked or sold to a third party that may then want to send out spam emails in bulk.
This goes against your privacy protection, and you have to remember that email lists are worth a lot of money to some people, so it stands to reason that they can be sold and misused.
How to spot a dodgy email.
Apple know how to spell and they use their company name to send out information.
Check For Misspellings
The first and most obvious tip-off is misspellings. In the header above, the name of the company is spelled incorrectly, and it is pretty unlikely that a big corporation would misspell its own name.
Also look out for subdomain names such as email@example.com. No legitimate company would send out emails from their subdomain. Subdomains are an extension to the originator’s website and are mainly used for blogs: https://ukdomainbrokers.ukwebsitedesigners.co.uk/
So, for all intents and purposes, the above is an example of my subdomain, and I would not send out an email from firstname.lastname@example.org. I would, however, send one out from email@example.com
Another quick trick is to look up the IP address the message came from. If it’s in a different country than the company, it’s probably fake.
The “Received” line tells you where the email originated from. If the email is actually from who it says it’s from, it would probably come from the company’s website. In the email above, the website the email came from has nothing to do with the company it says it’s from. If, however, the email mimics your email, the sender is hiding their identity.
Same goes for the “Reply To” field. You can tell the email address has been spoofed because the “Reply To” address doesn’t match the “From” address.
Email spoofing is the process of disguising the original sender’s identity by creating email messages with a forged sender email address. The core email protocols do not have any mechanism for authentication, making it common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message.
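The “Received” and “Reply To” checks described above can be automated. The following is an added example, not part of the original post: the sample message is constructed, uses reserved example domains, and the finding names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the page); all hosts use reserved example domains.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Tue, 08 Jun 2021 10:48:00 +0000
Received: from mail.bulk-sender.example (mail.bulk-sender.example [198.51.100.7])
\tby mx.recipient.example; Tue, 08 Jun 2021 10:47:58 +0000
From: "Big Company Support" <support@bigcompany.example>
Reply-To: claims@other-mailbox.example
Subject: Action required

Body text.
"""

def base_domain(host):
    # Simplification (assumption): treat the last two labels as the owner domain.
    # Real tooling should use the Public Suffix List (e.g. for .co.uk names).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    # Domain part of the address in a From/Reply-To style header.
    return base_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def check_headers(raw):
    """Return a list of hypothetical finding names for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = addr_domain(msg["From"])
    reply_to = msg["Reply-To"]
    if reply_to and addr_domain(reply_to) != from_dom:
        findings.append("reply-to-mismatch")
    # Each relay prepends its Received header, so the last one is the earliest hop.
    # Hops recorded before your own mail server are sender-supplied and can be forged.
    hops = msg.get_all("Received") or []
    if hops:
        m = re.search(r"from\s+([\w.-]+)", hops[-1])
        if m and base_domain(m.group(1)) != from_dom:
            findings.append("origin-host-mismatch")
    return findings

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

Treat both findings as triage hints rather than proof, since a company may send its mail through a third-party mailing service.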
Always check the recipient’s email. If you do not know or were not expecting anything from anyone DO NOT OPEN EMAIL ATTACHMENTS.
If you get emails from a web designer telling you your website is s##t, do ask your current web designers to send an audit report of your website. Also, if the sender is sending you an email from a Gmail, Hotmail or MSN account without a company signature in the footer of the email, this is reason for alarm bells to ring.
DO NOT USE OFFSHORE WEBSITE DESIGNERS.
SUPPORT LOCAL BUSINESSES!
Do not reply to anyone that has a suspicious email address, especially if it is a long thread of letters and numbers that do not resemble a person or company.
Always check email addresses from the sender.
Lastly, always mark emails that have landed in your inbox as ‘report phishing’ rather than simply deleting them, as the email client will block this email from their servers to stop other people falling victim.
I named and shamed this person who sent me the email, who most probably is not even using their real name. So, lo and behold, today I received another email to a website I own, which is a Business Directory and Community Hub for ‘Roath’, the district in Cardiff, UK where I live.
Now you have to think to yourself how would this keyword be a conflict or beneficial to anyone in China?
The email is as follows, and when I replied back it bounced. You can come to your own conclusions, but I think someone is attempting to scam me, and whoever it is has to get up earlier than me to catch me out.
Original Scam Email.
Nick Liu <firstname.lastname@example.org> 05:35
(It’s very urgent, therefore we kindly ask you to forward this email to your CEO. If you believe this has been sent to you in error, please ignore it. Thanks)
Dear CEO,
This is a formal email. We are the Domain Registration Service company in China. Here I have something to confirm with you. On November 4, 2020, we received an application from Hongxin Ltd requested “roathlife” as their internet keyword and China (CN) domain names (roathlife.cn, roathlife.com.cn, roathlife.net.cn, roathlife.org.cn). But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor in China?
Best Regards
Nick Liu | Service & Operations Manager
China Registry (Head Office)
6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China
This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.
Your domain names are on different GEO territories to myself being the owner from the time 2020-03-06 and I have actively developed my sites, therefore there is no trademark conflict as I was the first person to publicly publish my domain names.
I would suggest your client refrains from registering the domain names because this could cause a problem in future, although I have no intention of ever marketing my business in China.
Mail Delivery System <email@example.com>
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
firstname.lastname@example.org:
SMTP error from remote server for RCPT TO command, host: mx.chinaregistryshanghai.org (184.108.40.206) reason:
550-Rejected because 220.127.116.11 is in a black list at zen.spamhaus.org
550 https://www.spamhaus.org/sbl/query/SBL275660
--- The header of the original message is following. ---
Received: from oxbsltgw54.schlund.de ([172.19.249.7]) by mrelayeu.kundenserver.de (mreue106 [18.104.22.168]) with ESMTPSA (Nemesis) id 1MnItm-1jtEYQ3Htc-00jJDA for <email@example.com>; Wed, 04 Nov 2020 14:09:54 +0100
Date: Wed, 4 Nov 2020 13:09:53 +0000 (GMT)
From: info <firstname.lastname@example.org>
To: Nick Liu <email@example.com>
Message-ID: <firstname.lastname@example.org>
In-Reply-To: <email@example.com>
References: <firstname.lastname@example.org>
Subject: Re: roathlife
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_Part_17396_1939878953.1604495393253"
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.3-Rev26
X-Originating-Client: open-xchange-appsuite
X-Spam-Flag: YES