Summary
The Chinese Domain Registration Scam is a long-running social engineering attack in which fraudsters impersonate CNNIC-approved registrars and fabricate an urgent threat that a third party is registering your brand's domain, pressuring victims into paying inflated "protection" fees and sometimes handing over corporate documents that can fuel identity theft or Business Email Compromise.
Take Action:
If you get an email warning that someone is trying to register your company's brand as a domain in China, don't panic and don't reply. It's almost certainly a long-running scam designed to scare you into paying inflated fees for a threat that doesn't exist. Delete it, verify domain availability yourself through a trusted WHOIS tool and if you choose to, register the appropriate domains through a trusted registrar. Never send business licenses or executive IDs to unknown parties.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (1)
The part worth flagging to anyone who gets one of these: the protection fee is the throwaway, the document request is the actual heist. A scanned business license plus a director's ID is a reusable KYC bundle — roughly what you'd need to pass onboarding at a payment processor, authorize a domain transfer, or stand up a convincing BEC against your own vendors — so those scans are credential-grade and shouldn't leave the building in response to inbound contact. Part of why it lands on companies and not individuals is that the notice hits legal@ or admin@ or whatever address sits on the WHOIS record, inboxes that often have no clear owner and no runbook, so the urgency routes right around the skepticism one person would apply. Safest move is to verify out-of-band against something you looked up yourself, the CNNIC accredited-registrar list and the actual WHOIS/RDAP record, which shows plainly whether anyone's filed anything, never the contact details in the email.