Domain Renewal – Email Scam

Note: Click here to view a sample email scam email

If you have a website for your company or organization, you likely purchased a unique domain. When the time comes to renew, an email from the registrar should show up in your inbox, alerting you to take action before the domain expires. But what about notifications from companies you don’t recognize? This happens more often than you might think. Such emails are often part of phishing scams and sent by third parties hoping to gain access to your login credentials and hijack your domain.

Although phishing emails have been around for a long time, many people still fall victim to malicious schemes. These four red flags can help you spot a fake domain renewal notice:

No Personalization

Most phishing emails lack the personalization you’ve come to expect from legitimate companies. When you receive an email from your web host or domain registrar, it should begin with a greeting including at least your first name. Phishing scams often start with “dear customer,” “hello” or another generic phrase. You won’t see the logo or brand colors of your registrar, and the signature isn’t likely to contain recognizable contact information.

Urgent Language

Hackers sending phishing emails want recipients to act without thinking about whether or not the message is legitimate. By creating a sense of urgency, they trick many people into trying to renew domains through third-party sites. Tactics may include:

  • Telling you the domain will expire in a short window of time
  • Urging immediate payment of an amount higher than what renewal should cost
  • Claiming you’ll lose your domain or your account will be canceled if you don’t renew immediately

This type of wording is designed to send you into a panic and drive you to react before realizing the email is fake.

Minor Errors

Emails sent from a domain very close to but not exactly matching that of your registrar are common in phishing schemes. Your domain could be misspelled, or the name of an unrelated company may appear in the signature. Also, the email address that they are sending from is long and not a legitimate company For example, (notice the long email address).

Unrelated Services

Some fake domain renewal emails are solicitations from third parties hoping to sell you a service. Companies and individuals collect lists of domain names and their owners from public WHOIS information and send marketing messages disguised as renewal notices in an attempt to trick recipients into making purchases. Although the message may disclose the sender doesn’t “register or renew domain names,” it’s likely to include the same kind of urgent language found in other phishing emails, making it sound as though you’ll lose your domain if you don’t sign up for the advertised service right away. A very common tactic that we see is telling you that your domain SEO or ‘search registration’ is expired and that you need to renew with them or search engines will remove you from the results.

When a fake domain renewal notice shows up in your inbox, don’t click on any links or make payments. Instead, contact your registrar or website administrator. Alert them to the scam, and ask if you should take any further action. Make sure you know exactly when a real renewal notice should arrive by marking it on your calendar so that you can easily spot phishing emails in the future.  You can also purchase domain WHOIS privacy through your domain registrar.  This service hides your information in the public WHOIS database making very difficult for people trying to perform these sort of scams from ever getting your information.