Today’s scammers are becoming increasingly creative in their attempts to deceive domain owners. Every domain or website owner faces the risk of falling victim to various scams associated with the services they use.
In this article, we’ve highlighted four of the most common domain-related scams and provide guidance on how to identify and avoid them. Understanding the common types of domain scams is the first step toward protecting yourself from falling victim!
1. Domain Buying or Appraisal Scams
In this scheme, scammers target domain owners with enticing offers to purchase their domain name, often claiming to have a potential buyer lined up. If the owner expresses interest, the scammer insists on a domain appraisal to ensure fairness for both parties. However, the appraisal service is typically operated by the scammer, and the supposed “buyer” conveniently disappears until the domain owner purchases the service. In cases where the owner’s email address is concealed for privacy reasons, scammers may resort to spoofed emails to create a false sense of legitimacy.
What to Do
First and foremost, refrain from paying for any services. If someone is genuinely interested in purchasing your domain, they should be willing to cover appraisal costs themselves. If they insist you pay, it’s a clear red flag for a scam. Instead, use free online tools to estimate your domain’s value. If you decide to sell, opt for reputable marketplaces offering escrow services for secure transactions. Some marketplaces even provide trustworthy appraisal services you can rely on.
2. Fake Domain Renewal Notices/Domain Slamming
Fake renewal notices, often sent via mail or email, mimic official communications from legitimate registrars. The term “domain slamming” draws parallels to telephone slamming, where phone companies lure customers into switching services. However, domain slamming misleads victims into transferring their domain without prior consent. Scammers may also trick recipients into paying inflated renewal fees.
What to Do
First, always know where your domain is registered. If you are an HIG web hosting client, it is possible that we renew your domain for you and invoice you directly. If you are not sure where your domain is registered or the renewal date, search the WhoIs database.
Always scrutinize the renewal notices you receive with care. Their language often reveals their legitimacy. Here are some steps you can take to safeguard against fake renewal scams:
1. Verify the sender’s email address. Legitimate renewal notices should originate from your registrar or the company where you initially registered your domain name, which could be a reseller. As sender email addresses can be spoofed, consider checking the source code of the message in your webmail or desktop application to identify the sending server.
2. Watch for specific keywords. Pay attention to terms like “offer” or “solicitation,” as these could indicate sketchy emails. While such messages may not be illegal if they disclose their purpose, it’s your responsibility to scrutinize them thoroughly. Beware of phrases like “we have not received your payment” or “your domain certificate will expire,” which may be true but irrelevant to your domain name.
3. Verify links before clicking. If you’re unfamiliar with the URL provided in the email, avoid clicking it. To confirm its authenticity, hover over the link to display the actual URL in the bottom-left corner of your browser or email client.
4. Renew domains through your account. While companies often send direct renewal links for convenience, consider logging into your account to renew your domains if you have doubts about the authenticity of the email.
5. Extend domain registrations for multiple years. Unless you require a domain for a short-term project, consider renewing your domains several years in advance. This practice helps you identify renewal-related scams, as legitimate providers rarely send renewal notices for domains already renewed.
6. Enable auto-renewal if available. This feature ensures seamless domain maintenance and allows you to immediately disregard renewal notices. In case of an alleged auto-payment failure, promptly contact your provider to verify the claim and avoid potential risks.
3. SEO Services Offer Alert
Some SEO service providers send deceptive emails to domain owners, creating the illusion that their domain name is on the verge of expiration or they may promise improved search engine rankings in exchange for a fee, targeting businesses seeking better online visibility. If not read carefully, it’s easy to mistake these emails for legitimate domain renewal notices. Many recipients skim through the content and find themselves easily misled by language like “expiration of your domain name [domain.com]” or “important expiration notification.” However, these emails have no association with domain registration or renewal; they are simply attempts to coerce recipients into paying for SEO services or search engine listings.
What to Do
Exercise caution with any email mentioning your domain name, and carefully read the entire message. Pay attention to keywords such as “SEO,” “offer,” or “immediate action,” which indicate the email’s illegitimacy. Verify the details of your domain to confirm its expiration status. If in doubt, log in to your account to check the expiration date or contact your domain provider for clarification.
Avoid clicking on any unfamiliar web addresses provided in the email. Make payments only through secure links that you recognize or via your domain management account panel. Remember, even if you want SEO services, responding to a scam email is not the solution. Instead, consider digital marketing services through reputable channels like your hosting provider or dedicated SEO service companies.
4. The Fake Hosting Invoice Scam
In this popular scheme targeting website owners, scammers go beyond email and may use regular mail to deceive their victims. The modus operandi is straightforward: they reach out to website owners, claiming that their hosting account is on the brink of expiration. Often, they accompany their message with an unpaid invoice, aiming to create the illusion of an outstanding balance. The invoice typically includes a payment link leading to a platform maintained by the scammers.
What to Do
Upon receiving a notification regarding your expiring hosting account, refrain from immediately paying any pending invoice mentioned in the email. Paying a scammer will not resolve any issues with your website’s downtime. Instead, scrutinize the unpaid invoice carefully, considering the following:
1. Validate the Sender’s Legitimacy. Check previous emails from your hosting provider, such as invoices, payment receipts, and account information emails. If the sender’s email address differs from those you’ve received before, exercise extreme caution and contact your hosting provider before proceeding.
2. Verify the Amount and Services. A third-party company likely lacks knowledge of the specific services you pay for or their associated costs. Any discrepancies in the invoice should raise suspicions, prompting you to delete it.
3. Analyze the Content for Ambiguity. Fake invoice emails often contain urgent phrases like “act immediately” or “don’t lose your website.” Legitimate hosting providers provide advance notifications without resorting to such pressure tactics.
By familiarizing yourself with common tactics used by scammers and exercising caution when responding to unsolicited communications, you can protect your domain and preserve your online reputation. Remember, if you have any uncertainty about an email referencing your domain name or hosting/email service, exercise caution before taking any action. Avoid clicking on links or making payments until you’ve thoroughly examined the sender and the email’s content. Any inconsistencies in the services, amounts, or pressure to act swiftly should raise red flags. Always log in to your account or reach out to your hosting/domain provider to verify the authenticity of any suspicious emails!
