1(630)802-8605 Ravi.das@bn-inc.net

All across the world, businesses and corporations are prone to being a victim of Phishing attacks, there is no doubt about that.  Whether the organization is hacked with Phishing emails towards them, or their own contact address books are hijacked and Phishing emails launched from that, it doesn’t really matter in the end.

The company is impacted, their reputation is damaged, and worst yet, they very well could have lost some customers in the process.

Usually, dealing with Phishing email scams is something that is left up to the company to work out and mitigate.  In rare instances, do you get a third party involved (unless it is requested for help, such as a Cyber security consulting company) to help resolve the issue.  Even rarer is when you see the domain registrar step in and even take down the entire website of the afflicted company.

Such is the recent case with Zoho. This is one of the largest IT companies in the world, and its main website domain, www.zoho.com, was taken down for roughly three hours after its domain registrar, TierraNet, after it received a barrage of complaints from customers of Zoho about Phishing emails originating from Zoho.

The company is actually headquartered in India, and offers a multitude of products and services to client’s which gamut the range from web-based office tools, such as word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management (CRM), project management, and even invoicing applications.

Even after Zoho tried to reach out to TierraNet in an effort to get their main domain back, they still proved to be staunch in not restoring the domain back to its regular state.  They kept insisting that Zoho was not doing enough to resolve the issue at hand, while Zoho still insisted that it was doing everything it could.  Yes, the proverbial Mexican standoff.

Just like Donald Trump, Zoho was using Twitter to blast out its complaints about TierraNet, and TierraNet simply kept saying “. . . Zoho failed to resolve issues after repeated contact requesting them to take action against phishing emails.” (SOURCE: https://www.zdnet.com/article/domain-registrar-oversteps-taking-down-zoho-domain-impacts-over-30mil-users/).

As mentioned earlier, it is very unusual for a domain registrar to have to intervene like this.  They are typically called on to the be mediator or arbitrator in those cases where the email services of a much smaller business entity are compromised.

They are rarely called upon to resolve Phishing complaints from the much larger Fortune 500 companies, as the domain registrar typically assumes that these kinds of organizations have the staff to deal with any types or kinds of Phishing issues.

The CEO of Zoho, Sindhar Vembu, once again took to Twitter to explain to its customers what happened, and that a resolution would be forthcoming soon.  He even asked the help of his very own customer base to reach out to TierraNet, to see if they would even bend just a little bit.  But this was of no use either in the end.

According to Vembu, there were only three active Phishing complaints in just under a two-month time span.  Two were being resolved, and one was (or is) still pending further investigation.  He even took responsibility for all of this by stating that: “Complaints at a domain registrar level is very rare and this action by them is totally unacceptable when we are the ones with the responsibility.”  (SOURCE:  https://www.zdnet.com/article/domain-registrar-oversteps-taking-down-zoho-domain-impacts-over-30mil-users/).

The good news (if it is any, given the huge backlash of all of this) is that the domain was restored, and the products and services offered by Zoho were functionally again.  But, even after customers were notified about this, they were still being redirected to a blank Web page by TierraNet.

The problem?  After the domain was restored, its TCP/IP Address changed as well, and the customers of Zoho were unaware of this.

Coming out on Twitter again, Vembu wrote to his customers to use either Google or Cloudflare’s free DNS services.  Apparently, they were already updated and refreshed to the correct TCP/IP Address when trying to access Zoho.com.

Later, it was discovered that an automated Spam Complaint System took down www.zoho.com, but once this was realized by an actual human being at TierraNet, the issue was supposedly rectified.

My thoughts on this?

I totally agree with Vembu that this kind of action by a Domain Registrar is totally and completely unnecessary.  After all, Zoho is one of the world’s largest IT companies, so therefore one would logically conclude that they have the manpower to deal with Phishing complaints.

It is horrible to think of the damage that has been done to Zoho and its brand image.  Worst yet, think of the lost customer base.

But I can tell you from personal experience, getting the Domain Registrar involved in any way shape or form is a huge no no. I used to work in email marketing, for a company called Emedia Communications, LLC (now owned by Ziff Davis Publishing based in Chicago).  The company would blast out newsletter like emails to millions of subscribers on a daily basis.

But one day, the company’s domain, www.emediausa.com, was red flagged by the Domain Registrar. The actual domain was not taken down, but all outgoing emails were blocked for a period of a few days, in which the VP of Sales was begging and pleading with them to restore services.

Finally, it was, and luckily, the company did not suffer any extensive damage from it.

So, my two cents to the small business owner is never get your Domain Registrar involved, and avoid as red flagged as a “Spammer”.  You may be under the false pretenses that they can help to resolve your Phishing issues, but this is totally untrue.

Their idea of a resolution is to simply block and/or take down your domain, which is of course the lifeblood of your business.