Shady Practices (Antera/DomaSchooner Phishing)

I’ve recently gone through the process of moving one of my domains from one domain registrant to another. For a couple reasons, but cost and whois privacy are part of it. I’ve switched hosting providers a number of times, and that’s not an issue, but getting different domain registrants on the same page to ensure a downtime-free transfer isn’t a clear process to me, so during this time I was particularly susceptible to notifications about the transfer.

It was then that I noticed an item in my spam account titled “Domain Expiration SEO”. Now I didn’t notice the SEO in that title at first, and was immediately concerned about the terms “Domain Expiration”. The fact that it was in my spam folder at least made me immediately cautious, but the fact that they used my full name and postal address in the “invoice” confused me.

The email had a large title saying “Final Notice, your account is pending cancellation”, th email came from “”, a domain with no discernable website, and links on the page directed to “”. What I don’t like is that the entire premise is that you’re about to let something that you had expire. In the meantime nothing could be further from the truth.

It seems they somehow identify domains that are being transferred, grab the whois data and then generate emails, in my opinion, hoping to catch people not paying attention into paying $86 for supposed SEO software.

If you pay close attention to the email, they do note that they “…do not register or renew domain names…” and their email disclaimer states “…This is not a bill or an invoice. This is a SEO purchase offer. You are under no obligation to pay the amount stated unless you accept this purchase offer…”. So while they do a good job of telling the truth, the immediate implication of the email implies something worse. So while probably not illegal, very shady.