Over the years, we’ve received countless emails from clients regarding “Urgent Notices” that appear in both their mailboxes and inboxes from companies looking to renew their website domains. These invoices can look surprisingly legitimate at first glance but are complete scams. Thankfully, our clients reach out to us before paying these scammers.
Domain renewal scams, also known as “domain slamming,” is the process in which someone tricks a website owner into transferring their domain registration from their existing registrar to a new registrar at a significantly increased rate. The worst part is that some businesses who fall for this scam can have their website taken offline or lose ownership completely.
To help you avoid becoming a victim, here are some helpful tips to protect your business from domain renewal scams.
1. Register your domain yourself or hire a trusted website developer (like us!)
At SkyeLine, we use Namecheap, one of the most widely used domain registrars. Namecheap is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), which allows them to guarantee complete protection and privacy of your domain. After registering your domain, ensure it is locked so it can’t be transferred.
2. Use an email not associated with your domain when registering.
As a rule, stick to reliable email platforms like Gmail or Yahoo because if your website domain goes down, you’ll have no way to verify that you are the owner when your website branded email becomes inaccessible.
3. Make sure you set up a secure domain privacy system.
Once you’ve chosen your registrar, be sure that you set up domain privacy. Cybercriminals can locate your contact information in the public WHOIS database and use that information to send fake renewal notices. Domain Privacy will hide your contact information, and scammers can’t contact you if they don’t know who you are. Namecheap offers domain privacy for free, which is another reason we use them. Other registrars will charge a fee, but it’s worth it for the extra protection.
4. Ignore any correspondence until you know it came from a trustworthy source.
Suppose you receive a potential domain scam via email rather than mail. In that case, you’ll notice that they typically come from third-party domains such as @gmail or @yahoo rather than an email account associated with your company’s domain provider. That’s a clear sign you’re dealing with a scammer.
If you get a letter in the mail, here are some of the companies that engage in domain scams that you should watch out for Domain Registry of America, Domain Directory, Domain Listings, National Domains, Simple Domain Hosts, iDNS, Domain World, and others.
5. Set your domain to auto-renewal.
To avoid questioning whether your domain is up to date, set your domain registration to auto-renewal. This way, you can ignore any solicitations. And don’t forget to update your credit card information when you get a new card.
On average, domains should cost anywhere between $10 – $30 a year. Scam artists charge inflated registration fees of up to 10x the standard rate as part of their process. If you see an invoice for over $100, chances are you’re looking at a scam notice.
6. Know the signs of a domain renewal scam – some are pretty clear.
There are many tell-tale signs of a scam. Among the most prominent include words like “URGENT,” “time-sensitive,” or “last chance” that pressure you to act fast. However, if you read the fine print, some notices include statements like “this is not an invoice,” “accept this proposal,” and so forth – all clear signs of fraudulent activity.
7. Still not sure? Contact your web designer before doing anything.
Whether it’s snail mail or in your inbox, do not engage with any part of the solicitation notice if you’re unsure if it’s legitimate. This extends to clicking on links, visiting the domain’s website, and even calling phone numbers. Those who engage in fraud will persuade you further if given a chance, so avoid any contact before verifying their credentials. Also, make sure your team knows who your trusted companies and partners are so they can avoid reaching out to any scammers.
8. If you’re outraged, you can report the scammers.
If you’ve gone through all these steps and successfully spotted a domain renewal scam, the easiest final step is to throw the letter out or delete the email. However, if you’ve got the time and you’re fired up, you can tell your domain provider about the situation. You can also file a report with the Federal Trade Commission (FTC), Better Business Bureau (BBB), or the ICANN Complaint department. Be sure to include a copy of the letter or the email, so they have all the necessary information to take legal measures.