Incident Details domain squatting with the host exonmobil[.]co.uk.
We have developed TIPpers, which are incidents the ThreatConnect Research team flags for your awareness, so your organization can take decisive action.
TIPper: Exxon Mobil Domain Squat Associated to Fake Job Advance Fee Fraud Scam.
This incident involves domain squatting with the host exonmobil[.]co.uk (Exxon Mobil). This domain was recently registered and uses a bitcoin DNS name server. The registrant data matches known registrant data used to register domains used in employment scams. One of the previous employment scams had an oil and gas theme. The host exonmobil[.]co.uk may be used in a similar type of scam by the same adversary. There is no A record IP address for this domain, but there are a set of MX records. This is consistent with the domain being used in a type of email-based advanced fee fraud scam.
For additional details, current ThreatConnect users can access this incident by selecting this LINK or search for incident “20160716C” in the ThreatConnect Platform.
If you do not have a ThreatConnect account, click HERE to access our Free Edition as well as 30-day access to our Subscriber Community. ThreatConnect’s Free Edition allows you to establish a basic threat intelligence practice, collaborate with your internal team, protect your organization with open source threat data, bulk import cyberthreat indicators, contribute to the ThreatConnect Community, and receive support and validation from outside researchers and analysts also using the platform. The Subscriber Community includes timely notification of threat incidents identified by the ThreatConnect Research team, an exclusive service offered at no additional charge to paying customers.