Domain Name Scams – What You Need To Know To Protect Your Website And Business

Domain Names have been one of the areas that scammers have been plundering in the Internet era

The first internet domains were registered on the internet back in the 80s and by the early 2000s, scammers were already finding sneaky ways to target people through their domain names. Website hacking in the early 2000s cost billions of dollars. Possibly the earliest domain scam can be traced back to the year 2001, when the federal Competition Bureau in Canada sent out a warning about a scam that was targeting people: scammers would send documents that looked like invoices to people, pretending that they’d been sent from a business called the “Internet Registry of Canada.”

People who received these invoices assumed that they were from the Canadian government or that a legitimate agency which was registering domain names in the country had contacted them. However, that was not the case. By paying the amount requested by the criminals to host their domains, people were literally handing over their hard-earned money to scammers. Since then, hackers have constantly been finding new and damaging ways to scam people with their domain names. All over the world, there are approximately 400,000 computers that send out spam emails. These could include domain scams that could put your website and business at risk. Here’s what you need to know about them so you protect yourself.

First, What Are Domain Name Scams?

It’s important to know what domain name scams actually are. They can be defined as intellectual property scams. Fake domain name registrars trick people into giving them money by telling individuals or businesses they can list, buy, or sell their domain names. “Domain slamming” is an example of a scam in which fake domain name registrars try to trick domain name owners into leaving their current registrar for theirs, often with the intention to get people to pay for the new service that doesn’t exist.

Why domain name scams work so well is because the website owner might feel afraid that their domain name is in jeopardy, such as if the fraudster claims that if they wish to protect their domains they have to purchase these new services from them. By preying on people’s fear and causing panic, this can cause people to buy domain names without thinking they’re opening themselves up to losing money. A recent domain name scam in the UK involved an organization pretending to be the Trade Mark Office. It contacted businesses, pressuring them to buy domain names to be able to keep their domains. Meanwhile, their domain names were not at risk.

How A Domain Name Scam Might Work

So, how do you know if you’ve been targeted by a domain name scam? You might receive a letter or email that looks official, and seems to be sent from a real internet domain registration company. The letter will insist that you renew or switch your domain services, providing an expiry date to further pressure you into taking the bait. They might also make mention of a valuable service they’re offering, such as a low price, to make you want to choose their services. Here’s what this scam letter or email might say:

“As a courtesy to domain name holders, we are sending you this notification of the domain name registration that is due to expire in the next few months. When you switch today to the (Insert name of fake registrar), you can get the best savings. Your registration for (insert your domain name) will expire on the (insert date). Failure to renew your domain name by the expiration date could result in you losing your online identity, making it difficult for your customers and friends to locate you on the internet.”

Sometimes, the letter or email might even provide information that seems like the company has your best interest at heart, such as by saying that you are under no obligation to pay the amount they are offering you. This tactic, when combined with the official-looking email that has a professional logo on it, can make it difficult to tell if the notice is a scam or not. Hackers usually make use of the writing style, visuals, and logos of popular companies or brands to trick people into thinking they’re legitimate.

If you receive a letter or email similar to the example provided above, it’s vital to scrutinize it for red flags that it’s a scam.

How To Spot A Domain Name Scam

There are many ways in which you can find evidence that the domain name letter is a scam. Here are some things to look for so you don’t fall into the trap of paying the fraudsters money.

You’ve Received An Invoice But Haven’t Done Business With This Company

When you view the email and see that an invoice is attached to it, with the payment and banking details of the company included so you can renew your domain name, this might make you think that the company is legit. What further makes you think this is that they have your personal details, such as your address, email address, and domain details. But anyone can get your domain details on WHOIS, a website that has a search tool for anyone to look up anyone else’s domain. So really, there’s nothing genuine about the fact that they’re sending you an email or invoice.

The Price Is Too High

The “great value” that the fraudulent company is offering you isn’t all that fantastic. The company might want to charge you $20 for one year of service, and $30 for two years. They will try to play up the idea that you’re getting an amazing bargain, such as by mentioning you will save $10. But in reality, you’re losing money. You’re probably paying much less than the sum they’re offering you with your current company!

The Expiry Date Is Wrong

If receiving this email or letter has made you panic that your domain name is in jeopardy, it’s really easy to miss some of the details in the letter that can alert you to a scam. Your domain’s date of expiry might be wrong, so it’s important to check your domain information from the company that currently hosts your domain. This will also provide you with information about when your domain license is going to expire. If you see that the domain name isn’t going to expire when the domain name notice says it will, that’s clear evidence you’ve been the victim of a scam.

Scare Tactics Are A Huge Red Flag

A business that works honestly won’t need to use fear to make you accept their offer, such as by using clever wording to make you feel afraid. Examples include “failure to complete your registration” or “act now!”

Another domain scam that makes use of scare tactics is when a person will phone or email you, telling you that someone has been trying to register an alternative version of your domain name. The person will then say that you can register the alternative domain name with them, but at a price that’s higher than your usual registration fee. The idea is to make you afraid that your domain name is in jeopardy, as well as try to make you think you have to take action to secure it, such as by paying the extra amount. You usually only have a short period of time in which to take the offer, which is another tactic that should alert you to a scam: a legitimate domain hosting company won’t give you one-time offers or offers that expire.

Know Your Hosting Service Company

Hosting service companies tend to send you emails rather than letters. Since the 80s when the first domain names were registered and computers were becoming important for people, things have come a long way. If you consider this, it makes sense that your domain hosting company would send you an email rather than a letter in the mail. If you’ve received a letter, this should therefore make you suspicious of it.

So, why do fraudsters send you mail in the post? It’s not something they do lightly or without thinking about. They think it makes them seem more official to communicate with you via snail mail. It also gives you the impression that the matter is one of urgency because only really important documents and notices get sent in the post. When in doubt, if you receive an email or letter that seems to be from your current hosting service company, you can always phone them to check if they have got in touch with you.

The Scam Might Not Make Use Of Scare Tactics

However, even if the letter you’ve received doesn’t make use of scare tactics, you should always conduct research into the company. Try calling the number that’s listed or checking out their website. Try searching for them on the internet and see if other people have reported them for being fraudulent.

Note The Spelling And Grammar

Companies from China are commonly ones that send out these fake domain name notices. Their use of the English language will tend to be poor, with spelling or grammatical errors. There might also be spelling errors in the email or website addresses that are provided. Sometimes these are easily missed by the eye.

The use of rambling sentences or confusing phrases, such as “domain name search engine registration” could also be used. What exactly does that mean? It’s clearly a bunch of nonsense but the hope is that the fraudster can waffle their way to getting your money.

There might also be spelling errors in your domain name. For example, there could be a letter missing in the name that you don’t notice, such as in the invoice they send you. Although it’s good to scrutinize what you receive, it’s wise not to open any email attachments as these could put you and your computer at risk of viruses.

How Much Of Your Personal Info Is Out There For Anyone To Use?

It’s really easy for fraudsters to find your domain name and your personal details so they can contact you with these bogus offers. That’s why it’s so important to increase your privacy on the internet.

There’s quite a bit of information people can learn about you from your domain record on WHOIS. This includes when your domain was created and when it will expire. There’s also contact information, such as for a billing contact and registrant contact. Registrant refers to the person who registered the domain name.

Your domain name provider gives you the chance to enable or disable privacy features by logging into your control panel, searching for the domain name and then proceeding to the domain management section. After clicking the “privacy protection” link, you will use the toggle to choose your level of privacy. As a result, you are setting a greater level of privacy on WHOIS and the internet in general, you can guard yourself against scams.

IMPORTANT NOTE 1: Some domain names, such as the .us domains, do not offer that capability. If you are purchasing a new domain name, make sure that the privacy feature is available before moving forward.

IMPORTANT NOTE 2: Most domain name providers will charge you a small yearly fee to hide your information.

Criminals Love Targeting Expired Domains

It’s not just current domain names that criminals hope to use for scamming purposes. In 2016, cyber criminals targeted visitors of popular news websites with malicious ads after they gained ownership of an advertising company’s expired web domain. When people clicked on these advertisements on various websites, viruses were installed on their computers.

This just shows the great lengths criminals will go to gain access to domain names. If you’ve had your domain name for a long time and it’s set to expire, bear in mind that you should keep it active otherwise you could lose it forever. Scammers who get info about your soon-to-expire domain name might try to sell it back to you. Know when your domain name is about to expire so you can decide if you want to keep it running or not, and don’t believe companies that contact you saying they can buy expired domains back for you.

Internet scams are nothing new. They’ve been around for decades, shortly after computers and domain names came onto the scene. Hackers and fraudsters are always finding new, creative ways to attract and con people. One of the ways they do this is by contacting you about your domain name and trying to get you to renew it with them. These tactics are always about getting your money, so be sure you follow the above tips for spotting a domain name scam to protect yourself against criminals on the web.