DEV Community

Cover image for Chinese Domain Registration Scam Using Fake Trademark Conflict
BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

Chinese Domain Registration Scam Using Fake Trademark Conflict

Summary

The Chinese Domain Registration Scam is a long-running social engineering attack in which fraudsters impersonate CNNIC-approved registrars and fabricate an urgent threat that a third party is registering your brand's domain, pressuring victims into paying inflated "protection" fees and sometimes handing over corporate documents that can fuel identity theft or Business Email Compromise.

Take Action:

If you get an email warning that someone is trying to register your company's brand as a domain in China, don't panic and don't reply. It's almost certainly a long-running scam designed to scare you into paying inflated fees for a threat that doesn't exist. Delete it, verify domain availability yourself through a trusted WHOIS tool and if you choose to, register the appropriate domains through a trusted registrar. Never send business licenses or executive IDs to unknown parties.


Read the full article on BeyondMachines


This article was originally published on BeyondMachines

Top comments (1)

Collapse
 
circuit profile image
Rahul S

The part worth flagging to anyone who gets one of these: the protection fee is the throwaway, the document request is the actual heist. A scanned business license plus a director's ID is a reusable KYC bundle — roughly what you'd need to pass onboarding at a payment processor, authorize a domain transfer, or stand up a convincing BEC against your own vendors — so those scans are credential-grade and shouldn't leave the building in response to inbound contact. Part of why it lands on companies and not individuals is that the notice hits legal@ or admin@ or whatever address sits on the WHOIS record, inboxes that often have no clear owner and no runbook, so the urgency routes right around the skepticism one person would apply. Safest move is to verify out-of-band against something you looked up yourself, the CNNIC accredited-registrar list and the actual WHOIS/RDAP record, which shows plainly whether anyone's filed anything, never the contact details in the email.