I got a letter last week from Internet Domain Name Services:
I have never heard of Internet Domain Name Services (iDNS) and they are not my domain registrar. What are they doing then? Well, they’re offering me a (maybe?) legitimate way to renew my domain, except at three times the price I would be paying for it otherwise!
I was impressed that this scam went offline and used snail mail, but scams like this are common if you have a domain publicly registered in your name.
Quick Aside: How Can They Figure This Out?
You can see lots of information about who owns domains and where those domains send an internet browser on who.is. If you’re unclear on the difference between a web host and a domain, you can read that quick primer on NonprofitWP.org.
Types of Domain Scams
Besides this scam that tries to get me to use a different domain registrar while paying a higher rate, the other common type of scam I see usually involves people trying to sell you other similar domains under the guise of “intellectual property” concerns. Most of the scam emails I’ve see of this type seem to originate from China. (So for example, they’d try to sell me mrwweb.cn.)
Other more malicious scams might try to actually steal your real domain so your visitors are taken to a new site not in your control.
How to Avoid Domain Scams
Luckily, it’s not too hard to avoid these scams if you do a few things up front:
- Make sure you know the name and website address of your domain name registrar
- Save the expiration date of your domain in the same place so you know when to expect it to expire
- Know the going price for domains. This varies depending on the top-level-domain (TLD) like .com or the new .ngo. You can find this by searching on a legitimate domain name registrar like one of my favorites, Hover. ((If you register a domain through this link to Hover, I get a small $2 commission at no charge to you.))
- Set your domain to autorenew with a valid credit card
That last step is by far the most important and will also help prevent you losing your domain simply because you forgot to renew it. With autorenew on, you can safely ignore the scam emails because you know your domain is taken care of.
Finally, I’d recommend you treat your domain registrar account with a similar level of security as you might a bank account:
- Be paranoid about any emails or letters asking for information about your domains.
- Don’t click links in emails. Instead, go directly to the website of your domain registrar in a browser.
- When in doubt, call customer support to confirm if your domain name needs any maintenance or is expiring soon.
Domain names are a crucial part of any organization these days—it’s your front door on the internet—so it’s important to be aware of and guard against these scams. A little work up front can save you from a huge problem later.
Something Fun: Reply All Gets a Domain Back
If you’re interested in what happens when someone loses their domain, I highly recommend this great episode of Reply All, one of my favorite podcasts: