Phishing Campaign Impersonates LiveDNS to Steal Credit Card Data

Cyber News - Erez Dasa reports a sophisticated phishing campaign targeting customers of the Israeli domain registrar LiveDNS. Attackers are sending emails that impersonate LiveDNS and warn recipients about an upcoming domain renewal. The emails are highly personalized, using the victim’s domain name and email address, likely sourced from public WHOIS records. The campaign aims to trick users into clicking a malicious link that leads to a fake renewal page demanding credit card details.

This attack highlights a critical vulnerability in how domain registration information is handled and exploited. By mimicking legitimate renewal notices and using stolen domain data, the attackers create a convincing lure. The inclusion of a warning about phishing within the malicious email itself is a particularly insidious tactic, designed to disarm cautious users. Defenders must educate their users on recognizing these targeted social engineering attacks, even when they appear to originate from trusted service providers.

Organizations using LiveDNS or similar domain registrars should be on high alert. Users should scrutinize all renewal notices, verify sender authenticity, and avoid clicking links directly from emails. Always navigate to the official registrar website directly through a known, trusted bookmark or by typing the URL. Implement stricter email filtering and user awareness training to counter such personalized phishing attempts. The indicator provided by Cyber News - Erez Dasa is https://live-dns[.]com, which should be blocked at network egress points.

What This Means For You

  • If your organization relies on LiveDNS for domain registration, audit your recent communications for any suspicious renewal notices and instruct your domain administrators to verify all renewal requests directly through the official LiveDNS portal. Ensure your security team is aware of this campaign and has updated email filtering rules to detect impersonation attempts.
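The egress block and the email-filtering check recommended above can be prototyped as follows. This is an added example, not code from the source report or from LiveDNS; the official domain `livedns.co.il`, the proxy log layout, and all sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator copied from this page (defanged). OFFICIAL_DOMAIN is an assumption.
INDICATORS = ["https://live-dns[.]com"]
OFFICIAL_DOMAIN = "livedns.co.il"

def host_of(value):
    """Refang a URL or bare host[:port] and return its lowercase hostname."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http")
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:  # malformed bracketed host in a log line
        host = None
    return (host or "").rstrip(".").lower()

BLOCKED = {host_of(i) for i in INDICATORS}
IOC = host_of(INDICATORS[0])
# Constructed sample inputs: proxy lines ("client method url") and one email.
SAMPLE_PROXY = [f"10.0.0.5 GET https://{IOC}/renew", f"10.0.0.6 CONNECT pay.{IOC}:443",
                "10.0.0.7 GET https://www.livedns.co.il/", f"10.0.0.8 GET http://not{IOC}/"]
SAMPLE_MAIL = ("LiveDNS Billing", f"Renew example.co.il now: https://{IOC}/renew?d=example.co.il")

def under(host, domain):
    """Label-boundary match: the domain itself or any subdomain of it."""
    return host == domain or host.endswith("." + domain)

def is_blocked(url_or_host):
    host = host_of(url_or_host)
    return any(under(host, b) for b in BLOCKED)

def scan_proxy_log(lines):
    """Return (client, host) for every request to an indicator host."""
    rows = (line.split()[:3] for line in lines)
    return [(c, host_of(u)) for c, _m, u in rows if is_blocked(u)]

def triage_email(from_display, body):
    """Flag links to the indicator, or mail naming LiveDNS that links off the official domain."""
    claims_brand = "livedns" in from_display.lower().replace(" ", "")
    findings = []
    for url in re.findall(r'https?://[^\s<>"]+', body):
        host = host_of(url)
        if is_blocked(host):
            findings.append(("ioc_match", host))
        elif claims_brand and not under(host, OFFICIAL_DOMAIN):
            findings.append(("brand_link_mismatch", host))
    return findings
```

Matching on label boundaries rather than substrings keeps unrelated hosts that merely contain the indicator string from being flagged, while still catching subdomains of it.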

πŸ›‘οΈ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

critical T1566.002 Initial Access

Phishing Campaign Impersonating LiveDNS - Malicious Domain Access

Source: Shimi's Cyber World