Generally, domain scams are tricks to get you to part with money, your domain, or even both. At the very least, they are a headache.
But if you rely on your website for business, they can be much more than that: if you lose control of your domain, the impact of having to change your site’s address can cost you money. Because of this, it’s worth learning how to spot the scams. Here are the three most common.
The urgent letter in the post
This ploy uses an official-looking letter to coerce you into transferring your domain to a different registration company.
- How does it work?
You receive a letter through the mail (they use the post because it seems more official) informing you that your domain name is due to expire. These letters often have titles like ‘Domain name expiration notice’, and encourage you to renew your domain.
The notice creates a sense of urgency, often by warning that ‘failure to renew your domain name by the expiration date will result in a loss of your online identity’. However, if you reply, you would not only be renewing your domain – you’d also be transferring it away from your current registrar.
- How do I avoid it?
Make sure you know how your existing registration company contacts you. For instance, at 123-reg, we don’t send out letters – so you can be sure that a notice like this didn’t come from us.
You can also familiarise yourself with the way your registration company handles renewals. At 123-reg, everything is done via your online control panel. So if you receive a communication instructing you to renew in a different way then it’s almost certainly some sort of scam.
The pressurised cold call
With this you, you’ll get the hard-sell down the phone.
- How does it work?
The scammers get hold of your phone number – usually from your business’s website or another publicly-available source (like the phone book or something). Then they call you up. Their pitch is normally along these lines:
“Hello, I’m calling from such-and-such company. A client of ours has asked us to register [insert some domain names very similar to yours] on their behalf. I have them on the other line and they are all ready to pay, but I needed to do a check to make sure they’re allowed to register them. If you want to register them instead, I can put that through for you now – it will cost [insert extortionate amount].”
- How do I avoid it?
This sort of scam tends to increase when new domain extensions – like .eu or .asia – are released. The best course of action is to politely decline (or just slam the phone down – it’s up to you). The ‘client’ is just a ploy to force your hand.
Again, find out if your registration company would ever contact you in this way. At 123-reg we might email you to let you know a new domain extension has become available, but we wouldn’t call.
The phishing scam
It’s just like those emails asking you for your bank details and PIN.
- How does it work?
This is rather like the postal scam above, but the messages are sent via email and not in the post. This lets the scammers target more people – they can send out millions of emails automatically, at a very low cost.
The less malicious versions simply say that your domain is soon to expire and encourage you to ‘renew’ it. Or they can be more sinister: they may pose as a message from your existing registration company in an attempt to fool you in to entering your account details.
- How do I avoid it?
If you’re in any doubt about the origin of an email, don’t click any links and don’t enter any information. If you’re not sure if a particular email was sent by your registration company then contact them to check.
And if – as with 123-reg – you need to log in to a control panel to administer your domains, do this by typing the address into your web browser rather than following a link in an email.
Other ways to combat the scammers
There are a couple of other things you can do to make life difficult for the domain name crooks out there. We covered these last time, but to reiterate:
- Hide your details. With some domains, you can opt to remove your personal details from the WHOIS database. Take advantage of this by using our WHOIS privacy service. If the scammers can’t see your details, they can’t contact you.
- Keep your domain locked. A locked domain can’t be transferred. If your domain is registered with 123-reg, you can lock and unlock it from within your 123-reg control panel.
Finally: use your commonsense. If you think a letter, email or telephone call might not be what it appears, then don’t take any action.
Check when your domain is actually due to expire, and be wary of any communications that aren’t from the company you registered it with. A quick search on Google can often confirm your suspicions – and you can always get in touch with your registration company directly.
Have you ever been stung by a scam? Leave a comment and let us know.