Domain Name Scams Revisited

Domain names are a critical part of any online presence—but they’re also a common target for scams. Whether you’re a business owner, developer, or casual website user, understanding how these scams work can save you money, stress, and even your brand identity. Domain names are registered through companies called registrars. A registrar can show you which domain names or variations are available.

Common Domain Name Scams

Domain Renewal Scams

Domain renewal scams are one of the most pervasive. Typically you receive an official-looking email (or letter) stating your domain is about to expire. Since many domains do not hide (privacy setttings are available at a cost) basic information like ownership, renewal dates, or contact info, this data is publicly available. Scammers can time these emails so they arrive close to your domain renewal date if they desire. The communication urges immediate payment, going so far as demanding payment or risk the loss of your domain name. If payment is made, it is often going to a scammer or transferring your domain name to an undesired registrar. Registrar changes may impact the availability of your website as DNS (Domain Name Servers) settings are transferred and resolved.

Losing control of your domain name may damage your reputation if the domain name is pointed at a site that does not reflect the standards of your business. Your domain name could be directed to an adult site, a casino, or perhaps the site of an extremist group. Until the problem is resolved, your customers could be directed to a website that runs counter to your brand.

Domain Slamming

A variation of the domain renewal scam is called domain slamming. Not unlike past versions of phone service provider slamming, this scam has the sole purpose of transferring your domain name to a new registrar. The new registrar may be more expensive, or offer poor customer service. Recent changes have done a lot to halt this scam. Authorization codes are now required to complete a domain name transfer.

Domain Name Typosquatting

Typosquatting takes place when a scammer registers domain names similar to popular legitimate websites (like “goggle.com” instead of “google.com”). These variations of popular domain names trick users in to visiting malicious or unsavory websites. These websites, which often look like the legitimate site, are used for phishing, deploying malware, or offer bogus advertisements. Typosquatting exposes Companies to reputation damage and brand impersonation which may require legal action to rectify.

The most common techniques are domain name misspellings, transpositions (swapping letters like "amazno.com"), alternative top level domains (TLD's) (swapping ".com" with ".cm", or ".co", etc.), and combosquatting (blending words with legitimate domain names like "ebay-service.com").

Fake websites can be used to steal personal data, credit card information, or login credentials. A malicious site may be used to down load malware or viruses on visitors computers. A legitmate company may lose revenue, visitor trust, and brand authority due to being associated with one of these malicious sites.

Protect Yourself

You can protect yourself from renewal and slamming scams by evaluating email and other notifications with skepticism. Did the email come from your domain name registrar? Is this different from how you have paid for your domain name in the past? Are you familiar with the company that sent the email? If you are uncertain, check with your domain name registrar or the person that manages your domain name.

To reduce the risk of typosquatting choose a short, memorable domain name that preferably includes your business name. Purchase other similar sounding or easily misspelled domain names. The cost of a few domain names is much less than the cost of potential damage done due to typosquatting.

Lock your domain name. A locked domain name cannot be transferred until you turn off the setting. Think of it like locking, or freezing your credit. DNS settings cannot be changed, transfers, and server updates are prohibited as long as your domain is locked.

Finally, keep track of your domain name(s) and the name of your registrar. Login directly to your registrar's website, do not click on email links. Domain locking and two factor authentication add additional security.

Domain name scams are becoming more sophisticated but they still rely on creating urgency, fear, and confusion. By staying informed and keeping track of where your domain name is registered you can avoid falling prey to a scammer.