Network Solutions Is Most Likely Not Phishing

You may have read my rant earlier this week about Network Solutions trying to trick me into allowing them to send me spam. As part of that dark pattern, Network Solutions asks me to verify my contact information, then tries to up-sell me, and then suggests that I need to verify my contact information (which is really a spam opt-in).

You can imagine I am primed against being asked to confirm my information by Network Solutions.

For a little extra context, since I receive a few emails a week from Network Solutions (such as this one to auto-renew, or this one for SEO, or this one to obfuscate my WHOIS info), which jumps to daily after I partake in any activity on the Network Solutions site, I typically filter them into dev/null/i-mean-it.

So I was wary when I received the following email once yesterday (the day after I renewed my domain) and once again today:

Screen shot of the offending email.
I block Outlook from downloading embedded images to prevent spammers tracking when I have opened their emails, hence the missing images.

The message within:

Dear Customer,

New Regulations now require that domain account holders confirm their email information otherwise their domain will be deactivated. If your domain is deactivated you will still own the domain but you will not be able to have a live website until you verify your contact information.

To ensure your domain(s) remain active, please click the CONFIRM button below to confirm the email address we have for you is accurate.

Note the explicit threat. Note the lack of a link to the new regulations, let alone the source of those regulations. Note the shiny red all-caps CONFIRM.

I think we’ve all spent enough time as family tech support to know that you aren’t supposed to click links in emails. My bank tells me this, the government tells me this, it’s on general support sites, and even Network Solutions has had to tell people not to click links in emails (not to mention recent news of a GoDaddy hack). Heck, robots know this — if you type “don’t click” into the Google search box, it will auto-complete with “on links in email”:

Image of Google's auto-complete search box.
I know this is anecdotal, but it’s a great image to make my point.

Because I am a child of the internet age, and because the support phone number in the email could point to anyone, I contacted Network Solutions on Twitter to see if this was for real:

It’s like I’m texting with a 13-year-old.

Reassured the phone number in the email is a true Network Solutions number, I called and navigated the menu system. After I explained the situation and why I don’t want to click the link, the representative explained that my domain will be shut down if I don’t do it. He could not offer a time frame (but he hadn’t seen anyone shut down because no one has waited more than two weeks). He also said he cannot do this over the phone and that I must click the link.

When I pressed for the regulation, he said it’s an ICANN regulation but could not tell me where to find it. He explained that if I don’t respond, eventually my domain will point to a parked page (my word), though he didn’t know if it’s an advertisement-laden Network Solutions page or an ICANN page.

When I got off the phone, I looked around for an ICANN regulation. The closest thing I found was in a PDF dated June 27, 2013 (page 43, under WHOIS Accuracy Program Specification):

Registrar shall implement and comply with the requirements set forth in this Specification […]

  1. […] within fifteen (15) days of (1) the registration of a Registered Name sponsored by Registrar, (2) the transfer of the sponsorship of a Registered Name to Registrar, or (3) any change in the Registered Name Holder […]
    1. Verify:
      1. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or
      2. the telephone number of the Registered Name Holder […]
      In either case, if Registrar does not receive an affirmative response from the Registered Name Holder, Registrar shall either verify the applicable contact information manually or suspend the registration, until such time as Registrar has verified the applicable contact information.
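
One way a registrar could meet the "unique code that must be returned" wording without putting a clickable link in the mail, as an added example (not from the original post, ICANN or Network Solutions). The no-link mail text, the five-try limit, the constructed start date `T0` and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=15)   # "within fifteen (15) days" in the quoted text
TRIGGERS = {                  # events (1)-(3) in the quoted text
    "registration": "registered",
    "transfer": "transferred to us",
    "holder_change": "changed the registrant of",
}
MAX_TRIES = 5                 # assumption: not from the specification
T0 = datetime(2014, 2, 4, tzinfo=timezone.utc)   # constructed start date


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


@dataclass
class Pending:
    domain: str
    email: str
    trigger: str
    started: datetime
    code_hash: bytes          # only a hash of the code is kept server-side
    tries: int = 0
    verified: bool = False


def start(domain, email, trigger, now):
    """Open a verification; return (record, text of the mail to send)."""
    if trigger not in TRIGGERS:
        raise ValueError(trigger)
    code = secrets.token_hex(4).upper()
    rec = Pending(domain, email, trigger, now, _digest(code))
    # The mail names the domain and the event that caused it, and asks the
    # holder to sign in on their own rather than follow a link.
    mail = (
        f"You {TRIGGERS[trigger]} {domain} on {now:%Y-%m-%d}.\n"
        f"Sign in to your account the way you normally do and enter code {code} "
        f"under that domain before {now + WINDOW:%Y-%m-%d}.\n"
        "This message contains no links."
    )
    return rec, mail


def respond(rec, code, now):
    """The holder's affirmative response, submitted from inside their account."""
    if rec.verified or now > rec.started + WINDOW or rec.tries >= MAX_TRIES:
        return rec.verified
    rec.tries += 1
    rec.verified = hmac.compare_digest(_digest(code.strip().upper()), rec.code_hash)
    return rec.verified


def status(rec, now):
    if rec.verified:
        return "verified"
    if now <= rec.started + WINDOW:
        return "pending"
    # The quoted text leaves the registrar two options once there is no response.
    return "manual-verification-or-suspend"
```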

I have registered and renewed domains since July, and this was a renewal, so the fact that I just got this for the first time makes it seem like the implementation has been delayed.

So by that language, yes, Network Solutions can do exactly what it is doing. Given Network Solutions’ constant spam, constant final notice of deactivation messages that are not, in fact, final, and folded in with its dark patterns on the web site, I don’t trust anything I get from Network Solutions as far as I can spit it. It doesn’t help that I saw no notifications of this (unlinked) nameless regulation when I was in my account two days ago, so I also wasn’t primed for it after I had just verified my contact information.

So what’s the takeaway here? Don’t do what Network Solutions does and you will have taken a big step to avoid being viewed as a spammer or phisher by your own customers.

Update: February 7, 2014

The day after I posted this, Network Solutions offered some explanation on its blog: “Domain Verification Emails from Network Solutions Related to New ICANN Security Regulations.” I found out about it today when Network Solutions responded to my latest related tweet:

Update: February 19, 2014

As you can see in the comments below, one user commented on the Network Solutions blog post, was acknowledged, and then Network Solutions removed the commenting feature altogether. He was able to provide me with a screen capture of the comments (and reply) from Disqus:

Screen shot of the Disqus discussion. Transcript now available.

Update: April 10, 2014

Meanwhile, after telling me to click the link in the email (see above), NetSol is telling other users not to click links in email, “to be safe.” This certainly doesn’t help reduce confusion.

39 Comments

Reply

I feel the same way you do. I have not clicked on the big red confirm button, but I manage a couple of websites and I'm afraid that they will eventually shut me down. I was actually more afraid that it was a virus of some type that may damage my computer or worse, steal all my contact information and send them spam mail from me! I have 13,000 email addresses in my database! This is ridiculous!

A Community in the Killarney Constituency; . Permalink
Reply

If it looks like a phish, swims like a phish, and sounds like a phish, then it probably is a phish

http://msmvps.com/blogs/spiderwebwoman/archive/2014/02/07/1968813.aspx

Reply

I got two of these 26 hours apart. The whole email smells of phish. The header shows that the email originates from rcom.com, and not networksolutions.com, and the wording in the email set off my BS-o-meter. The generic "Dear Customer", ominous "New Regulations" (with no link for verification), threat of imminent domain shutdown with no timeline, and vague instructions beyond clicking the glaring red button are all warning flags to a cautious internet user in charge of maintaining the security of any domain.

This email was sent to the email address that is publicly listed on the WHOIS for my domain; anyone could have sent this email. NS could have included the last portion of my account number, or described the recent activity that triggered the email. Some sort of information that only I would know to verify its origin.

If this is a legitimate email, shame on Network Solutions for such a poor implementation. I would expect an email asking me to sign in to my Network Solutions account and verify any information there. That way I can separately navigate to networksolutions.com and sign in without clicking any link in an email.

Reply
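
The checks a recipient can run on a message like this one (sending domain against the claimed sender, authentication verdicts, where the button really points, the generic greeting), as an added example that is not part of the original post or its comments. The sample message, `TRUSTED_MX` and the finding labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

CLAIMED = "networksolutions.com"      # who the message says it is from
TRUSTED_MX = "mx.recipient.example"   # assumption: your own mail server's authserv-id

# Constructed message for illustration; not a captured email.
SAMPLE = (
    "Return-Path: <bounce@rcom.com>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=rcom.com;\n"
    " dkim=none; dmarc=fail header.from=networksolutions.com\n"
    "From: Network Solutions <donotreply@networksolutions.com>\n"
    "Subject: Confirm your email address\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>Dear Customer,</p>\n"
    '<a href="http://whoisaccuracy-portal.networksolutions.com/?t=CONSTRUCTED">CONFIRM</a>\n'
)


def under_domain(host, domain):
    """True only if host is the domain itself or a subdomain (compared by label)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def auth_results(msg, trusted=TRUSTED_MX):
    """spf/dkim/dmarc verdicts, taken only from a header our own server added."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";", 1)[0].strip().lower() != trusted:
            continue  # a sender can put this header in the message themselves
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value):
            out[mech] = verdict.lower()
    return out


def triage(raw, claimed=CLAIMED):
    """Return a list of findings for a single-part message given as text."""
    msg = message_from_string(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if not under_domain(from_dom, claimed):
        findings.append("from-not-claimed-domain")
    if env_dom and not under_domain(env_dom, from_dom):
        findings.append("envelope-differs:" + env_dom)
    if auth_results(msg).get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    body = msg.get_payload()
    for url in re.findall(r'href="([^"]+)"', body):
        parts = urlsplit(url)
        if not under_domain(parts.hostname, claimed):
            findings.append("link-off-domain:" + str(parts.hostname))
        elif parts.scheme != "https":
            findings.append("link-not-https:" + parts.hostname)
    if re.search(r"Dear (Customer|Email User)", body):
        findings.append("generic-greeting")
    return findings
```

A differing envelope domain on its own is common when a company sends through a third-party mailer; it is the combination with a failed or missing DMARC verdict that leaves the recipient unable to tell the message from a forgery.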

Interesting, I posted some comments suggesting they rethink their approach on this page:
https://www.networksolutions.com/blog/2014/01/domain-verification-emails-from-network-solutions-related-to-new-icann-security-regulations/#comment-1243245230

My comments remained online for a few days, then I received a comment reply from NetSol saying:

"Thank you for your feedback, Tyler. Your input is important to us. You've made some valuable points and we’ll consider for future updates to the process."

Then they promptly deleted my comments from their site and removed the feature allowing people to comment.

In response to tylerdurden999. Reply

I recall seeing your comment on the Network Solutions post, I believe on February 7 when I updated this post. I did not screen cap it, though. Any chance you got one?

In response to tylerdurden999. Reply

I am also receiving these requests from NS – it is always after renewing a product OR logging into my account. I refuse to give Network Solutions any additional information – in fact, I'm sure embedded somewhere in the link they have hidden language allowing them to spam your e-mail and once again begin the barrage of telemarketing calls.

I have also noticed that they have changed ALL of their menus (on user accounts when changing configuration / or adding mailboxes etc) to default to OPTING IN on upgraded services that will be billed automatically if you do not actively OPT OUT by contacting them via Telephone.

I cannot wait until the end of my agreement when I can move everything to another host.

Reply

No, I wish I had done that! I can give you a screen cap of my Disqus thread though…it's all in there. I'll send you a separate message via your contact form.

Reply

Thanks Adrian for the info. I just received one of these emails today after adding some new domains last week. This email just screams "phishing!" – cannot believe what I am seeing. After reading your blog, looks like I have no choice but to click and hope. Terrible.

Reply

I received one of these notices during the overnight and Google in its wisdom, decided it was Spam and gently placed it in my Spam folder along with 70 other messages.

I don't know why, but I happened to notice it when I cleared my Spam folder this AM.

I called Network Solutions and used my outside voice on a Representative, followed by a person who said she was a Supervisor. They said that it is my problem and I will need to take up the Spam folder problem with Google.

I will be moving whatever I have to Go Daddy, as soon as possible.

In response to Mike Ellsworth. Reply

Mike, FWIW, I am not a fan of GoDaddy so I can't help but suggest you look at some other registrars as well and weigh your options. I have been looking at Hover, for example, but I haven't made a final decision on where to move my domains.

In response to Mike Ellsworth. Reply

Thanks, I'll ask my Server Admin. He has more experience and may know of a better choice.

In the meantime, I am in the process of filling out an online form with the NYS Attorney General. I can't say that it will accomplish anything other than lower my blood pressure, but if they get about 50 of these, I bet they will at least give NS a phone call. Link is here:
http://www.ag.ny.gov/internet-bureau-online-complaint-form

Reply

Thanks for the heads up on this Adrian. The email from NetSol certainly smelt of phish to me.

@ Mike Ellsworth

I had a domain registered with GoDaddy years ago that expired with no notice from them. It was immediately purchased by a squatter who wanted several thousand dollars to transfer the domain back to me. I refused to pay.

Reply

A further thought. A few days ago, one of my users received an email demanding a changed password: "Dear Email User,

In 10 days, your Network Solutions email passwords will expire, resulting in an interruption of your email service."

I reported it to NetSol's helpdesk. I will be reporting the current phish to NetSol. Perhaps if they receive a sufficient number of helpdesk requests, they will desist.

Just a thought. And the helpdesk requests must surely be sufficient confirmation that the domain is active to comply with the ICANN regulation.

Reply

Just got this today. Not sure what to do. So did you click the button? What happened?

In response to Joe A.. Reply

Joe, I did indeed click the button. I don't feel I had much choice. No viruses, no stolen identity, just a verification screen with a terse message that underwhelmed me given all the stress the email created.

Reply

Not only did I receive this today, I also got notice that my order of a .info domain was complete for a cost of $0. I ordered no such domain, but now I am subject to this email verification. Very shady.

Reply

Thanks so much for all the effort you put into this blog – and for all the comments. Also, thank Adrian for saying you clicked the button and nothing untoward happened. I guess that buys me some time before I figure out how to leave Network Solutions forever. Thanks! DHC

Reply

Well, I took the plunge and clicked the link after reading your post/comments and a few others. But I'd also recommend that everyone log into their NS account, hit the "contact us" link and take a few minutes to explain (politely but firmly) what you think of this behavior. Given how many alternative services there are for domain registration they really shouldn't feel like they can send this kind of crud out with impunity. If there IS a legitimate reason for something like this, the right way to do it is to ask people to go to NS and log into their accounts, not send them a link in an email that reeks of phishing.

Reply

I just received the same email and based on this blog and comments clicked that scary looking "confirm" button.

Fingers crossed………

Reply

To the best of my knowledge, I have not recently renewed or changed anything with any domain names I have with Network Solutions. However, I am receiving emails to click to confirm my email address. There is no information to indicate what domain this regards, or any personal information to indicate it is truly from Network Solutions. Thank you all for your posts, it helped me at least decide that I am calling them before doing anything. I will also be logging on to see if things have changed, or someone has given me a "free" domain name or something! I agree, this is very poor business practice on their part, if it is truly from them, and it should be outlawed. This type of email goes against all security basics. If this is from them, in my opinion, they should be setting a good example, not causing undue stress and confusion, let alone using our time to handle their lack of integrity and professionalism.

Reply

I got this too, and of course after it was identified as SPAM by every SPAM engine we use. But I found it, reviewed it, researched it (which brought me here) and then called NetSol to complain. They were then able to verify me over the phone, which they said is something they have had to start doing because they've received so many complaints about this email (don't know if that's true or not). So if you don't want to give in to clicking on this email out of sheer principle alone, call them and waste their time and money (call center calls aren't cheap) and have them do the work for you. On the downside it took 3 different agents 30 minutes to do this, but that's 30 minutes out of their days wasted on this. Hopefully they see that cost (multiplied by hundreds or thousands of other calls), and the fact that I'm inclined to move my accounts away from them due to this and all the other unsolicited marketing materials I get from them, as a good enough reason to try harder to make this more legit next time.

In response to Matt Heltsley. Reply

Handy to know (for those who don't mind blasting hold music on speakerphone for their office mates). Referenced this in a tweet today for yet someone else frustrated by the process: https://twitter.com/aardrian/status/459423118906634240

Reply

Apparently you can now complain to this address: listen@networksolutions.com

Reply

Just opened a support ticket with NS telling them that this thing looks ridiculous and is not the way to go about doing it. Even Gmail thought it was spam.

Reply

The http://whoisaccuracy-portal.networksolutions.com hostname makes the email look LESS legitimate - it looks like any other phishing scam trying to mask an illegitimate domain.tld with an official-sounding hostname!

Crockett Dunn; . Permalink
Reply

I created a ticket number with Network Solutions and they said:

With regard to your concern, please be advised that the valid e-mail address where ICANN Validation e-mails should come from is support@networksolutions.com. Please be informed that the e-mails that you have received are spoofed e-mails. Please refrain from clicking any buttons available on the e-mail.

So, being the case, it makes you wonder if this blog is fraud and representing it in some way.

In response to Dr Gruehl. Reply

This blog or one of the URLs referenced above?

Reply

Hi everyone, I need your help. We've been with networksolutions since about 2005 and have been experiencing a lot of issues lately. Mostly that they have been forcing us or tricking us into purchasing upgrades for things we do not want. Also noticed that our email users are being prompted upgrades that would result in charging us though it doesn't state this.

How does someone move their entire account to another service? We still have over a year with them before everything expires. Has anyone had a smooth transition with their domains to another service or does network solutions hold them ransom on you?

In response to Tyrone. Reply

Choose your Domain Name Service provider, unlock domain in NetSol, get auth key, start transfer process with new DNS provider.
Make sure to backup all website and email accounts.
Then get new host, point DNS to new host, restore/upload website and email.
Fairly straightforward. I could blog about it, as I have one more domain to transfer.

Reply

To add to the furor, I got an email telling me my .info domain is about to expire today (my .com will expire next month, and I've been getting notices about that for weeks). I thought what the hell I never asked for a .info domain! So I typed in my domain.info. Voila it forwards to my .com domain. So I assume they are now trying to trick customers into registering a .info domain as well. Needless to say I didn't click on anything to download the pics. What a bunch of a$$holes. I just called my ISP to see what was up and they confirmed that NS wants me to add .info (and apparently others get a notice for .us as well) to add to the registration fees, and what they need to do to transfer me to their registration service. The only reason I still used them is because they were the only option 20 years ago (yikes!). So long jerks!

Reply

Thank you so much for your post — the fulsome information you provided was really helpful, and I’m relieved to find out I’m not the only person who’s become suspicious of Network Solutions’ customer relations activity (especially since being acquired by Web.com)…

Reply

As per 10/26/2015, this is still very much a Network Solutions practice. Just got an email as everyone else, and they haven’t changed a comma from the original from 2014 (probably much older than that).
I checked on NS’s page for their number, called, asked to verify this as legit, instant ‘Yes’. Asked to do this verification by phone, and was told it couldn’t be done.

Last year, I also suddenly had a free .info domain I had never asked for. I made sure to remove the auto-renew function from the domain manager, and then I let it expire naturally. Hasn’t cost us anything and never did.

I see that NS settled a lawsuit with the FTC back in April 2015 concerning misleading consumers to think they could get a 100% refund on a cancelled purchase, when there really was a ton of fees added before you’d see any money back.
Read more here: https://www.ftc.gov/news-events/press-releases/2015/04/ftc-obtains-settlement-network-solutions-llc-misleading-consumers

I see this kind of crap everywhere else and in many different kind of industries too. Apparently it’s not a good business model to be nice to your customers any longer.
Overly aggressive marketing-assistants, under-trained/over-worked support personnel, borderline hostile customer representatives. Add to that a disconnect with senior management, and you have a great recipe for major income.. and perhaps lots of complaints as well, but I’ll let you guess which of the two they care the most about…

Morgan; . Permalink
Reply

Thank you for this blog! I received the exact email from Network Solutions today (March 18, 2016). I didn’t click the link and logged in to NS and looked around. No notification of any ICANN requirements on my account. I promptly changed my password, thinking that my account had been compromised.

Gmail could not verify where the email originated from and I deleted it before I saw this blog.

I also magically was paying for a .info account I never asked for. It was checked for auto renew! I had no idea NS had become so shady. I don’t trust Godaddy either. I’m stuck with them for now.

Hopefully I’ll get another email – gmail promptly emptied the trash bucket and I can’t find the original email and can’t click the button.

Reply

I got the same thing today Oct 12. I called and verified on the phone.

Phil K; . Permalink
Reply

Just got the same email this afternoon. Not falling for it.

moonshake; . Permalink
Reply

My domain renewal is coming up in six months. NS just sent me this email today, after I went to their site yesterday and updated my contact details (necessary, as it was decades out of date). The originating address on this one was “donotreply@networksolutions.com”, but the link if you click on the “Confirm Email Address” red button goes to whoisaccuracy-portal.networksolutions.com/…. which seeeeeems like it should be ok, but everything else about this email screams spam.

Why you can’t do this through your account manager on the website is beyond me.

Do you have any recommendations on where I could move my domain to? I don’t really care for these practices, and now is as good a time as any to take my business elsewhere.

In response to JohnC. Reply

I moved my domains to Name.com. They do what I need — allow me to manage my domains and not spam me.

Reply

Thanks for posting this. Hey, know what? It’s May 24, 2017 and I just got the same phishy message. Ugh!

Mike Craghead; . Permalink
Reply

The phishy message problem goes well beyond NetSol. It’s an ICANN problem, aggravated by the registrars “white labelling” correspondence so that clients of a reseller don’t see the actual registrar’s name on anything.

That move makes this look very questionable in terms of credibility, so no surprise these e-mails are being ignored or lost in all the spam.

I remember when ICANN introduced this particular bit of stupidity in 2014. I remember pulling a few high-traffic domains away from my existing registrar (at the time, hexonet.net) because these “notifications” didn’t make it past the spam filters and the registrar shut all traffic to the domains down. It’s just as broken with any other registrar.

Of course the spam from this pointless ICANN mandate merely ends up at the bottom of the pile under the rest of the garbage, including ICANN’s useless “reminders” to keep contact info updated, so that registrants may continue to receive their daily dose of frivolous legal threats from anyone who wants to make damning or embarrassing content magically disappear from the sites, to DMCA abuse from various middlemen who have figured the “under penalty of perjury” bit is meaningless – there is de-facto no penalty for lying to a mere webmaster, to solicitations in the guise of an invoice from that “Domain Services” or “Internet Services” or whatever they’re calling themselves this week (fine print: this is not an invoice, they don’t actually renew domain names, they just claim to submit sites to search engines for exorbitant fees – and no, no one actually ordered this) to requests to place unwanted ads on sites which don’t (or can’t accept ads) to unsolicited offers for “webmaster” services and all the rest.

I’m a wealthy Nigerian prince, I don’t have time to sort through all the garbage – that’s what spam filters are for. A system that fails-dangerously when an unsolicited e-mail from a registrar or registry is blocked as spam is broken, pure and simple, as e-mail does not guarantee delivery in an era when there’s more spam than ham hitting port :25. ICANN has therefore reduced the stability of the network with this irresponsible stunt. The only thing worse was cira.ca’s boneheaded decision to routinely e-mail people who’d already paid for .CA domains demanding that they agree to additional “terms and conditions” in indecipherable legalese. No response? They drop your domain completely so that some other random cybersquatter can take the name that you just paid for. Nice.

Certainly, NetSol is worse than other registrars in a few ways, possibly because of the “we don’t care, we don’t have to, we’re the phone company” – like monopoly they used to hold 15-20 years ago. It’s annoying to be hit for $35/year for a domain that’s $12/year anywhere else, it’s annoying to deal with all the hoops they make registrants jump through to transfer a domain out.

The comparison looks a bit like this:

Leaving Hexonet.net: click “unlock the domain” in the control panel; the authcode is right there in the control panel, so provide it and the domain name to your new registrar. Click on the e-mailed link to authorise the transfer. At this point, if you do nothing further, the transfer goes through in five days – but clicking on Transfers -> Outgoing -> approve this now on Hexonet’s control panel waives this delay and all done, the domain is now at your new registrar.

Leaving NetSol: click “unlock the domain” in the control panel; the system tries to argue with you and beg you to stay, before tearfully and begrudgingly complying. Ask for your authcode; maybe they’ll e-mail it to you tomorrow, but they say to allow “up to a few days”. When it shows up, provide it and the domain name to your new registrar. Click on the e-mailed link to authorise the transfer. At this point, NetSol takes the next five days to bombard you with additional, endless e-mails asking you to change your mind or cancel the transfer. After all, they feel entitled to your money in perpetuity, like royalties and the divine right of kings. Some time next week, fingers crossed, the domain is now at your new registrar.

Gotta love it.

CarlB; . Permalink
