Beware Email Scams Targeting Domain Owners Part 1

What are email scams for domain owners?

Domain name scams are generally confidence scams or, less frequently, intellectual property scams. They involve sending authentic-looking emails to domain owners, allegedly from domain registrars or affiliated institutions, that attempt to trick the owners into clicking on a link, submitting their login details, or downloading files. The purpose is to install malware or to phish for personal or bank data or domain transfer codes. This allows offenders to gain control over owners’ domains or payment details, or to infect their devices as part of targeted cyberattacks.

Such scams are not uncommon because communication between domain owners and domain registrars is normally by email. Cybercriminals harvest email addresses from the domain’s Whois record, which contains domain registration and owner information, including contact details. The Whois database is publicly accessible. Most domain registrars offer the option of Whois privacy, which replaces the owner’s personal and contact data with the service provider’s.

To learn more about Whois privacy, visit <Benefits of Using Whois Privacy>.

Please note that automatically deleting registrar emails is not the solution since your registrar does send notification emails about renewal, transfers, etc.

What are the most common types of scams domainers should know about?

Predictably, the most common are domain renewal or domain expiration email scams. If you own multiple domains, such notifications look familiar to you, so it’s easier to trust them and fall for them.

Another common type is domain abuse notifications that threaten to suspend your domains for allegedly spreading malware unless you take immediate action. They are worded very urgently and play on your fears.

Domain slamming is yet another type, which tricks you into transferring your domains to another registrar when you think you’re only renewing your subscription.

Fake domain buy offers look like bargains for you, but in reality aim for your pockets: you are required to pay appraisal fees and advance charges, and if you do, you never hear from the ‘buyer’ again.

A rarer type is fake trademark protection, where offenders claim that another owner is trying to register domains with your trademark under other domain extensions and urge you to respond and ultimately to register them yourself right away.

Let’s take a closer look at how these scams work and what you can do to avoid them:

1. Domain renewal/expiration scams

This type is more or less self-explanatory. It may not be easy to detect, though. Attackers use social engineering techniques to target users better. This means that the email may come from an address at a domain name very similar to your real registrar’s and may have the registrar’s real contact details at the end as well. Because the attackers draw on the Whois database, the email will contain your real name and perhaps the true domain expiration dates as well.

The aim of the scam is to trick you into clicking on the renewal link, logging in with your details to supposedly renew, and then perhaps entering your payment information.

This means that you may lose control over your domain, and your payment details may be collected for further misuse.

To escape this distressing scenario:

– Don’t click on links, don’t submit any identifying information (names, login or payment details) and don’t download anything from that email.
– Verify as many details from the email as possible: compare email addresses with your previous correspondence with the registrar, check your expiry dates, etc. If you notice anything suspicious, contact the registrar directly to find out if the email is really from them. If it isn’t, you can simply delete it.
– Take steps to protect your domain information. If you’re a big company, make sure that only the persons responsible for domain administration have access to user names and passwords and change them regularly as well.
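The comparison of sender addresses and links described in the list above can be partly automated. The following is an added example, not part of the original article; the registrar domain, the sample message and all function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: your registrar's real domains, taken from your own account records.
KNOWN_REGISTRAR_DOMAINS = {"registrar.example"}

# Constructed sample message (not a real email).
SAMPLE = """\
From: Registrar Billing <billing@registrar-example.com>
Reply-To: renewals@mail-support.example.net
Subject: Your domain expires in 3 days

Renew now: https://registrar.example.renew-portal.example.org/login
"""

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def is_known(host):
    """True only for a registrar domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_REGISTRAR_DOMAINS)

def is_lookalike(host):
    """True when the host closely resembles, but is not, a registrar domain."""
    return any(SequenceMatcher(None, host, d).ratio() >= 0.8
               for d in KNOWN_REGISTRAR_DOMAINS)

def check_message(raw):
    """List the reasons a plain-text message deserves manual verification."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg.get("From", ""))
    if not is_known(sender):
        kind = "lookalike" if is_lookalike(sender) else "unknown"
        findings.append(f"from-{kind}:{sender}")
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != sender:
        findings.append(f"reply-to-mismatch:{domain_of(reply_to)}")
    # A registrar name used as a subdomain prefix of another domain is still off-registrar.
    for host in re.findall(r"https?://([^/\s:]+)", msg.get_payload()):
        if not is_known(host.lower()):
            findings.append(f"link-off-registrar:{host.lower()}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

An empty result does not prove the email is genuine, since the From header can be forged; it only means these visible fields are consistent, and contacting the registrar directly remains the deciding check.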

In 2014, such email scams, supposedly from ICANN (Internet Corporation for Assigned Names and Numbers), reached domain owners, so it helps to be extra careful with well-known names, too.

To read about a fresh case, go to <Watch out: Domain Expiration Scam on the Loose!>.

2. Domain suspension scams

These emails are usually worded very urgently and warn you that, due to complaints, your domains may be suspended and that legal action may even be pending. You may be accused of spamming or spreading malware.

Again, attackers personalize the email with your name and domain details, and it appears to be sent by your domain registrar, with a genuine-looking email address, company name, and perhaps even a logo or contact information.

The aim of this scam is to spread malware by tricking you into downloading files, such as detailed complaints or reports, or by calling for immediate action. If you download anything, malware will be installed on your device, which can cause you damage that is difficult to predict. Your domain may be stolen as well.

To avoid this unpleasant scenario:

– If it’s the first time you’ve seen such an email, don’t panic, and don’t click on anything until you’ve read it through.
– Again, don’t submit any identifying information (names, login or payment details) and don’t download anything from that email.
– If you’ve got many domain names, it may be useful to check the status of this one: whether it has an active website, how long it has been yours, etc. Obviously, if you find out it’s been parked the whole time, then the warning email is groundless and therefore a scam.
– If in doubt, contact your domain registrar to check if it’s from them.

Note: You can read about the other types of scams in Part 2 of this post here: <Beware Email Scams Targeting Domain Owners Part 2>.
