Any entity that has a website has to buy and register a domain name – that is, the combination of letters behind www that is assigned to your site’s IP address — something like www.yourcompany.com. Simple enough, right? But this simple need is the source of seemingly endless domain registration scams. In fact, we get multiple inquiries every month from clients who have been targeted. In this article, we’ll review the most common forms of domain scams, and how you can recognize and avoid them.

About domain names

First, let’s go over the basics of domain names and how you obtain them. Domain names are registered through an entity like GoDaddy (other reputable companies include Domain, Bluehost, and HostGator, among others), and can be bought in year-long increments, up to 10 years. Typically you receive a discount for buying the domain for longer periods of time.

Many organizations will buy several domain names that point to the same site, for a wide variety of reasons. For example, you can often register not only yourcompanyname.com, but also the .org, and .net versions – which makes sense if you’re concerned a competitor will try to buy one of those names. Sometimes, businesses have reason to to register several versions of their company names. Sometimes companies will buy completely different domain names (representing company divisions, varying products and services, specific special events, etc.) and point them to different sections of their site as needs dictate.

In some cases, the company that created your website registered your domain(s) on your behalf, and therefore you don’t have domain information on hand — and maybe you’re not even in contact with that firm anymore. Further, domains are registered in year-long increments, so companies can easily lose track of what entity their domain(s) is registered through, and even what domains they own.

All of these factors make domain name registration an easy target for scammers.

Common scams: domain slamming

We recently received an an official-looking notice from a company calling itself “Domain Registry,” with a snappy American flag logo. “Renewal Information Enclosed: Open Immediately,” the envelope reads. The enclosed letter has a sense of urgency: “As a courtesy to domain name holders, we are sending you this notification of the domain name registration that is due to expire in the next few months,” it reads, and then goes on to outline prices for renewal, as well as a remittance envelope and URL where we could pay online – just like an ordinary bill.

Sounds legit, right? Well, not really – this is an example of domain name slamming, in which unscrupulous registrars attempt to trick you into switching your domain registration from the company you initially bought it from to their own. There’s a clue in the letter: “Domain name holders are not obligated to renew their domain name with their current Registrar or with Domain Registry…. this notice is not a bill,” the fine print reads.

Any reference to “transferring” a domain name is a red flag that the solicitation is actually an attempt to get you to transfer the domain name to a new company at the same time you renew it. It’s easy to fall for it, as everyone has to renew their domain names periodically — and if this solicitation arrives just before your legitimate renewal notice, you might not realize you’re not only renewing, but also transferring the domain to a new (and shady) registering company. We’ve seen these scams in letter/bill format most frequently, but they can be received via email, and even over the phone.

Reputable domain registrars do not send out such solicitations to transfer while renewing — only shady ones do! Double-check to make sure you know when your domain expires and what company you registered it through, and ignore domain-related bills from anyone but that company.

Common scams: website listing services

Another common scam is an email or letter hawking “website listing services.” These solicitations often claim that your business website is not performing well with search engines, and promise “domain name submissions to all search engines and social media sites,” as well as links on prominent websites. The service is typically pretty modestly priced and sounds like it will provide improved search engine results, and who doesn’t want that? If you don’t know what you’re looking at, it can sound like a good marketing investment.

However, these “services” are worthless and may actually be harmful. If you’re interested in improving your site’s search engine optimization, that’s a good marketing goal — you should talk to your developer about strategies. But throw this solicitation where it belongs: in the trash.

Common scams: company name scams

A newer form of domain scam attempts to alarm you into believing that a competitor is trying to encroach upon your brand by purchasing domain names that are similar to yours – often for use in China, with the .cn suffix (i.e., www.yourcompany.cn). The email or letter will originate with a legitimate-sounding registrar company, and will assure you that they have blocked these efforts to buy up domain names – but only for a certain amount of time. Naturally, the company is trying to sell you the domain names in question.

“As an authoritative and responsible registrar, we need to confirm if the company is your company’s cooperative partner. Also we need to verify whether you have allowed the company to apply these names,” one such scam reads.

So essentially, the scammers are using the fear of losing out to a (non-existent) competitor to sell you domain names you don’t need, often at an inflated price.

How to avoid domain name scams

There are a variety of steps you can take to avoid falling victim to domain name scams.

The single most important thing you can do is to make sure you know who your domain registrar is, and when your domain names will expire. If you don’t know, go to whois.net and type in your domain name. The “Registrar URL” will tell you what company registered it, and you’ll also be able to see when it’s set to expire. If you lack account information from the company, get in touch to restore contact. Store this information in a secure place.

Read the fine print when you receive a solicitation. While some scams are more sophisticated than others, virtually all of them will provide clues that something’s not quite above board – and many will contain glaring red flags. And you should never give out sensitive information over the phone or in a website form if you’re not 100% confident of who you’re talking to.

Consider locking your domain. Many registrars provide an optional domain lock feature – locking your domain can help prevent well-meaning employees from falling victim to a slamming scam.

Consider auto-renewal. If you’re worried you’ll forget to renew on time (which can put you at risk of losing your domain), you can generally set your domain to auto-renew through the registering company with a credit card. You’ll receive a notification when the charge is about to go through, and you’ll feel even more confident in ignoring domain-related solicitations from other companies.

Renew your domain name through the original registrar, rather than an intermediary, and keep it where you initially bought it. If you own domain names with different companies (which can happen over time), it can be worth transferring them all to one company – that way, you have only one account to deal with, and you’re less likely to make a mistake or forget to renew one of them. But if you own your domain(s) with a reputable company, there is seldom reason to switch.

List yourself and two other employees under your ICAN WHOIS registration for Registrant Contact, Admin Contact, and Tech Contact. This helps ensure that when your domain is due to expire, someone on your list will receive the email even in the event of staffing changes.

Buy your domain name for an extended period of time. If possible, it’s a good investment to buy your domain name for a longer period of time. This step will save a few bucks and spare you the hassle of renewal – and will also cut down on the number of fraudulent solicitations you receive.

Be alert to grammatical or spelling mistakes. Many scammers, especially overseas domain registrars, send out solicitations with obvious errors.

Other scams: blog content and backlink solicitation

If your website has an active blog, congratulations – you’re engaging in content marketing, which is a highly valuable way to attract and retain customers. Guest posts can be a great way to add value to your blog, when the author has expertise to contribute.

Sometimes you’ll receive a solicitation from a blogger offering to write free, useful content for your blog. Sounds great, right? But these seemingly generous authors are usually offering these posts in exchange for links to products or services in the blog entry or elsewhere (the solitication may explicitly say so, or it may only become apparent when they send you the copy). If you don’t know the blogger or why they’ve gotten in touch with you, chances are they’re being paid by someone to place these links in as many places as they can. Needless to say, this is a scam.

In other instances, you’ll receive an email recommending an article that might be of use to your audience, requesting that you link to it from your website. Usually, it’s pretty obvious that the article is not of interest – the scammer is just trying to place backlinks in order to boost the article’s SEO rankings. Again, simply ignore these types of solicitations.

Conclusion

With a little education, you can learn to recognize the most common scams. But if there’s ever any question, contact your developer and ask!