I recently received an email in my inbox that I knew was someone trying to either (1) get me to spend a lot of money on a product I did not need, (2) trying to steal my credit card information for their own nefarious use, or (3) a combination of them both. You can read about my experience and view the video I made about it on my blog.
And, here’s the thing – I’m in the internet business and even I still get these type of emails. Luckily, I know how to spot one at first glance and don’t fall victim to them, but some of them are so good and cleverly disguised as being something they aren’t, that I can see where someone who doesn’t live and breath the industry could fall prey to one.
There are several types of scams involving domain names, all targeting a different positive outcome for the scammer. In the case above, I truly believe they were looking for a sucker who would let them charge $50+ dollars to their credit card, in exchange for a service that person could have performed themselves easily, in about 15 minutes.
Or, they were trying to gather unsuspecting victims’ credit card information, to either sell or use themselves. The fact that they were a newly registered domain themselves, out of a foreign country, and had no discernible branding to their website, led me to believe it was probably the latter or a combination of both.
What Is a Domain Name
Your domain name is your website’s “address” on the internet. Every website needs one to make it easier for clients and customers to find it. Otherwise businesses would have to give them a series of numbers as a “domain name,” which nobody is ever going to remember.
You purchase your domain name from a domain registrar. Sometimes your website hosting company will do that for you, or you can do it yourself from a company like GoDaddy, Tucows, eNom, or a variety of other legitimate domain registrars out there.
That domain name is then “mapped” to the DNS (domain name server) that hosts your website, making it easy for people to find online.
When you register your domain name it is important to make sure that you remember to renew it every year – or every five or ten years, depending on how much time you originally purchased.
Not renewing your registration on time will cause it to go back into the “pool” of names and be available to someone else to purchase and use, or in some cases, try to sell back to you at a very inflated price, because you let it lapse.
Always, always, always keep a record of who your actual registrar is, which will help you avoid falling victim to a number of scams out there involving domain names, domain registrations and domain renewals.
When someone registers a domain name, their information goes into a publicly accessible database, managed by ICANN (Internet Corporation for Assigned Names and Numbers), that shows the domain owner’s name, address, telephone number and email address. This information must keep up-to-date and accurate.
Usually, once a year, your legitimate domain name registrar will send notice to you to make sure that you review your registration information and that it is up-to-date. And, to also remind you that it is coming up for renewal.
But, unscrupulous companies and individuals may then use that public information for a variety of purposes. Some may not be outright “scamming” you to steal personal information, but may otherwise be trying to part you and your money by offering inflated prices on services that you don’t have to pay for.
In my book that is still a scam, because it is taking advantage of people who don’t know much about the internet and how it works.
Domain Name Slamming
Probably the most prolific “scam” comes in the form of “domain registration scams” or “domain name renewal scams.”
Domain slamming is a scam which involves a domain name registrar attempting to trick a domain owner into moving their domain name from their existing registrar, over to their own service.
It often arrives under the pretense that the domain owner is simply renewing their subscription to their current domain name plan with their current registrar, but that is not the case. This is a different party entirely.
It is similar to the old “telephone slamming” method, in which a subscriber’s telephone service was changed without their consent. You will also see this same thing used in credit card processing with “merchant account slamming.”
Be sure to read any renewal notices very carefully and make sure they are legitimately from your current and real registrar. These notices are sent from companies taking advantage of what you don’t know, or of the fact that you may be too busy with everyday life to really understand and read what they have sent you.
If you receive a “DOMAIN EXPIRATION NOTICE” or “IMPORTANT NOTICE” email or letter, from any registrar who is not the one you deal with, just throw it away. It doesn’t matter if they say you are “missing an opportunity” or “may have to spend more money later.” Ignore it. Their letters and emails are specifically crafted to give you the impression that they are the original registrar offering you a special price or deal.
Make sure all of your administrative, technical and billing contacts are updated on your domain. Understand that domain name registrars require a confirmation, usually by email, from one of these individuals to authorize a transfer of your domain to another registrar.
Always be on top of who they are and make sure they are aware that this could happen. If you, or they, get a notice for a transfer, make sure it is one you legitimately made or requested.
That’s not to say that you can’t legitimately move your domain name to a new registrar. I have done it. My clients have done it. And, I have done it for clients in the past. Just make sure it is you who is requesting the change on your own volition, not because someone tricked you into it.
Domain Name Expiration Notices Sent by Mail
Another scam that happens a lot is one where the domain name holder receives a notice in the mail. I can’t tell you the number of these I have seen from clients who want to know if this is for real or not.
You receive a letter by regular mail saying that your domain registration is coming up for renewal (and chances are it is, remember this info is publicly available), and you must renew it to retain exclusive rights to it on the web.
It will look something like this:
While it could be argued that this isn’t necessarily a scam, but rather a sales method, it is still confusing to people who don’t know the difference or technical aspects of the internet.
In a letter such as this, they are very clear that you would be transferring the name to them, if you read it carefully enough. But, they preface all this information with the doom and gloom of “losing” your domain name if you don’t take care of it. Presumably through them at their extremely inflated pricing packages.
Asian Domain Name Scam
This is a scam that has been going around for a while. Asian companies will send an email to their “victim” pressuring them to register their identical domain name in Asian Top-Level-Domains (TLDs).
They present themselves as accredited Asian registrars, usually out of China, and notify the recipient of their email that a client of theirs wants to register a domain name containing their company’s trademark or brand name.
They go on to state that they realize that you own the rights to the name in question and they would like, for “ethical” reasons (wow, how ironic!), to give you first crack at registering it with them.
They go on to say, this way you will not lose your rights to the domain name to another “person.” They give you a short time period to respond, or they say they will “release” the name to the other company for registration.
They take on a good cop/bad cop role between themselves and the fictional person that wants your domain name, making it sound as if they are doing you a huge favor by giving you this heads up.
They say they are giving you “first option” to maintain your brand name, by registering it with them instead. Often they want to sell you the Asian version of the domain nam, at a highly inflated price, with a long term (usually 5 to 10 years minimum).
Many people fall for this and will go ahead and register their name with a .ASIA extension, even if they really don’t need such it for their business.
While I am all for trying to scoop up your domain in the .COM, .NET and .ORG versions, if available, I’m not sure buying every single possible iteration of it, such as .ASIA is really necessary for most companies. Unless, of course, you routinely transact business overseas in certain countries.
Other Various Domain Name Scams
Then, there are scams that involve tricking people into thinking they are going to lose their domain name, if they don’t take some type of action immediately.
This is similar – though there are many iterations – to an email I received from a company claiming to help me “make sure I continue to be found online,” while wrapping it up in an ambiguous load of prose about “domain renewals” and “domain registrations.”
My most recent run-in with type of scam was a “Domain Name Search Engine Registration.” Whether their end goal was to sell me a highly inflated service, or to steal my credit card info, I will never know. But, I can assure you a scam it was.
Despite how this email above is passing itself off, it is not domain name registration, but rather an expensive charge for a service that you don’t need to pay this type of scammer for to be “found on the internet.”
Navigating the Muddy Waters and Not Falling Victim
Your best defense in not falling victim to these snake oil salesmen is to be knowledgeable about what your domain is and how to manage it.
Domain name information is publicly available. There is no reason for you not to know who your registrar is, or who your contact points for your domain are.
You can verify all of this with a simple WHOIS search online. Protect yourself from scammers who are relying on you not knowing this information.
If you get any correspondence from a “registrar,” whether by email or regular mail, throw it away, if they are not already your real registrar. You certainly don’t want to throw away something from the real registrar and miss important information that you may need in regards to your domain name.
Set your domain name to auto-renew every year. When you purchase a domain name, the registrar usually has a control panel that will allow you to administer it. From here you can change your contact information and also set it to auto-renew.
My suggestion is to set that to auto-renew at the end of every term, so you don’t have to worry about it again. You can simply ignore all messages about renewals then, and avoid confusion entirely.
Sometimes, if you have just a gut feeling that something is wrong, it may be. Ask a colleague or friend if a letter or message doesn’t feel “right” to you. Ask someone who may be knowledgable about the internet to take a look for you – your website designer or developer (I do it all the time for my clients), your web hosting company, or a family member or friend who is really into technology. A second set of eyes never hurts.
Make sure you actually do renew your domain, if it is coming up for renewal. Do this with your real registrar, if you aren’t thinking about switching. Failing to renew on time will result in you losing your domain name, often times to a “drop catcher.”
This is a person, or registrar who does it on their behalf, who scoops up your expired name the second it becomes available. Often times they do so in hopes of selling it back to the original domain name holder at a huge price markup, or to one of that company’s competitors.
One thing I can’t stress enough to my clients is don’t lose your domain name! It would be almost as bad as losing your business name.