“CIRA has learned that an unknown party is attempting to obtain CIRA User Account Numbers and Passwords from dot-ca registrants by sending MISLEADING EMAIL NOTICES that appear to originate from CIRA,” the group said in a statement. “These misleading emails request that CIRA User Account Numbers and Passwords be provided to validate registrant information and prevent domain name suspension (inactivation).” The CIRA emphasizes that it does not ever ask registrants to share login credentials via email.

The .cc domain is a top-level domain for the Cocos Islands, a small island nation in the Indian Ocean that makes the .cc domain available to registrars. The CITA appears to have gained control of the cira.cc domain which is now registered to a CIRA representative.

Although the use of similar domains can add considerable credibility to an attack, it also gives the institution an opportunity to defend its customers, and creates precisely the scenario anticipated by our domain fraud detection service. This allows domain owners to pre-empt such frauds through prompt action as soon as they notice domains that may be attempting to masquerade as their institution. Netcraft’s service can often spot such suspicious domain registrations within 24 hours.