Criminals act like genuine hosting company and send fake invoices

Hundreds and maybe thousands of individuals have been targeted by (cyber)criminals which use fake invoices to collect money from unaware companies and people. The criminals in The Netherlands have setup a scheme which hunts down unaware website owners.

The website owners

The (cyber)criminals seem to have a strong database of website owners. It is possible that they have collected this information by using the public available WHOIS database. They have been sending fake invoices to website owners.

The fake invoice demands a “small” amount 89,90 for providing the following fake services:

  • 49,50
  • 24,00

A lot of website owners are terrified of seeing their website offline. The criminals are aware of this and they put pressure on the target by claiming that the website will be disabled or put offline if the payment will not be fulfilled within a couple of days.

Fake invoice scam

The criminals in The Netherlands are currently using the “NLDOMEINHOST” name to trick unaware users into believing that they are a genuine webhosting company which has provided webhosting services.

The “NLDOMEINHOST” fake invoice scam is using a “NLDOMEINHOST” company template which makes the invoice look genuine. The fake invoices holds an e-mail address “[email protected]”, a helpdesk line “0900-45785621”. The criminals have taken their time to craft the fake invoice, we can see this from the details which have been included in the fake invoice from “NLDOMEINHOST”.

The criminals have targeted the following cities in The Netherlands. We have retrieved this information from the complaints which were filled against NLDOMEINHOST.

  • Echt-Susteren, De Berk
  • Numansdorp
  • Den Haag x 2
  • Niebert
  • Amsterdam x 2
  • Alkmaar
  • Rotterdam
  • Ridderkerk
  • Capelle aan den IJssel
  • Wilnes
  • Hoogeveen
  • Grathem
  • Oud-beijerland
  • Ens
  • Ruinen
  • Almere
  • Vught
  • Broekhuizenvorst
  • Gouda
  • Zwolle
  • Duiven
  • Zoutelande

A couple of the victims claimed that they were also targeted by fake invoices from GoDaddy. The victims do state that they have reported this at GoDaddy.

Please be aware for fake invoices. The fake invoices are send in mass bulks and the (cyber)criminals are happy if they can steal money from 300/1000 victims.