We’ve been receiving a number of inquiries lately about fraudulent domain renewal and transfer scams customers have received. Seems like a good time to post some information about them, and things to look out for.
We’ve seen lots of attempted scams, but the average customer doesn’t deal with that regularly. So when they are targeted, it can be worrying and confusing.
Scammers rely on worry and confusion a lot.
We have lots of information on scams, spam, and privacy in this article. In this piece, we’ll highlight some of the most important things to look out for.
- We will never send postal mail to you
- We only do domains
- Scammers rely on you being busy, not paying attention, and worrying
- Scammers use slippery language
- It’s not your fault, and what to do next
We will never send postal mail to you
If you receive postal mail warning about your domain expiring and the need to renew or transfer, this is a scam. We don’t send postal mail to anyone, ever. About anything.
Some common scammer sources are: Domain Registry of America, Domain Registry of Canada, Domain Services, or IDNS. Ignore and throw them away. They are not affiliated with us in any way.
Here’s an example of the IDNS one (they’ve been quite active lately):
To reiterate: we will never, ever send you postal mail. Notifications about your account or domains will be sent via email only to the email address(es) you’ve specified for your account and/or registrant contact.
We only do domains
We help you register domains and manage your DNS setup. That’s all. We don’t provide hosting; we don’t work on SEO; we don’t help build websites.
There are lots of scams and spam to try and get you to “submit your domain” to search engines to improve your rankings. And, of course, there’s a price attached. These “offers” are not from us or affiliated with us in any way. And you have absolutely no need for them.
Search engines are marvelously smart and complex and find domains and websites all by themselves. The best way to rank well is to create a great site with great content that people want to find, engage with, and share.
You don’t need to submit your site like entering a contest, and you definitely don’t need to pay for it.
Side note: yes, there are legit services to help you with your site branding, content, and SEO. That is completely different, though, and typically you need to approach them. They’re not going to solicit.
For more information, check out this excellent Beginner’s Guide to SEO.
Also, to help stop these unwanted solicitations, you may want to add our free WHOIS privacy service to your domain (if supported for your type of domain). Information about that is here. That will also help prevents unsolicited “offers” for web development, marketing, or other services you’re likely not interested in.
Scammers rely on you being busy, not paying attention, and worrying
For many people, domains aren’t something they deal with every day. Which makes it pretty common if you don’t remember exactly when your expiry/renewal date is, unless it was processed recently.
There’s a good chance you also may not recall what the registration price of your domain was. Or what the renewal price will be. If the price quoted in a scam doesn’t seem too bad, you might not question it.
Note that a regular .COM domain renewal from us costs $14.90 USD. However a number of scams quote the renewal price as $60 USD, and people still don’t question it.
So if you receive an official-looking notification telling you how much you need to pay to renew, and giving you instructions… Well, you don’t want to risk losing your domain, right…?
An easy thing to check immediately is the sender’s email address. If it doesn’t show @iwantmyname.com, it’s not from us and it would probably be a good idea to check with us if it’s okay or not.
Certain administrative notifications, like registration verification, will come from @ispapi.net. Those are legitimate, and they won’t ask you for money.
You might also receive something called a WDRP notice. That is also legitimate and comes from ICANN. All the info you need to know about that is here.
Scammers use slippery language
Scammers and spammers craft their emails very carefully. (Even those ridiculous spam emails you get from “Nigerian princes” read the way they do quite intentionally.)
Scams are specifically crafted to make you worry about losing your domain, and make it seem like the required actions are reasonable. If you get someone worrying, they’re more likely to rashly follow instructions.
If you read the messages very carefully, they aren’t straight-up telling you that your domain will expire, or that it needs to be transferred. Because that is incorrect and to say so outright would be against domain registration rules.
But they do rely on people not being that familiar with the domains business, not interacting with their registrar accounts often, not wanting to lose their domains, and being busy folks who get a lot of mail and email and rarely have time to read everything closely.
For many people with limited experience, they may only ever have registered one domain. They may never have renewed or transferred one. So there’s no reason for them to know all the specifics. That makes it easy to just follow “helpful” instructions, too. (Note: renewing a domain never requires a transfer.)
It's not your fault, and what to do next
If you’ve been targeted by a scam or have been victimized, don’t beat yourself up. As noted, these people have a lot of experience getting people to do what they want. And even if a fairly small percentage of targets fall victim and pay them, they can make a lot of money.
Above all, if you receive one of these mailings or emails and have ANY questions or concerns, please let us know. We are more than happy to dispel any concerns or answer any questions.
You can also check our help section. We have a variety of articles on the subject (several of them linked above).
If you have paid one of these organizations for what you thought was a legitimate renewal, we recommend contacting your credit card company immediately and starting a chargeback complaint. This may help to get your money refunded.
If you’re in the process of following through, but haven’t paid the scammers yet: STOP. Delete their emails, throw away their mail, and do not give them your contact details or credit card information.
If you have paid them and have completed a transfer of your domain to them per their instructions, that is a bit trickier.
Typically their scam there is to charge you an exorbitant amount for you to get the domain and transfer it back to your previous registrar. This is not actually illegal, since technically you agreed to the transfer; it’s just bad business practice.
More information on the required Form of Authorisation (FOA), which is a permission/agreement to transfer, for generic domain extensions (gTLDs). For TLDs where this has to be done manually, on paper, there is more time to catch scams. However, these days, most domain transfers can be confirmed electronically via clicking a link in an email sent to the registrant. However, the FOA and the transfer process need to comply with registry requirements, and if the rules haven’t been followed correctly a transfer may be invalid, e.g. incorrect information has been presented) and could be reversed.
More information on ICANN’s transfer policy is here. Note that after November 30th, 2016, updated rules will be in place.
If you’re still not clear whether or not you were defrauded, you should contact your previous domain registrar and inquire about starting a transfer complaint. If nothing can be done there, next you would contact the domain TLD registry. And if that doesn’t work, ultimately there’s ICANN’s dispute resolution panel. More information on ICANN’s transfer dispute policy here.
Not everyone will get scammed, but as noted, we see periods of time when scammers get really active. And we consider it part of our job to help people be educated against these activities.
We’re happy to answer questions any time, and if one of these scams has affected you, we’ll do our best to help.