Your domain name is serious business; it represents you or your brand on the Internet, and you want to do all you can to protect it. Which is why we continue to see scams around domain names. Some of these have been going on for more than a decade, others are more recent. But just about every day someone asks us, “Is this real? Do I need to respond to this?” and the answer is always, ‘no.’
What is a typical domain registration scam?
One of the oldest scams started under the name of Domain Registry of America (or Domain Registry of Canada, or several other “Domain Registries of”), and it involves a form letter sent to the physical address listed as the admin contact for the domain in the whois record. The letter looks like a legitimate domain renewal notice—it contains your whois information, the domain expiration date, everything you might expect for a renewal.
The only problem is, it is not sent by your registrar, and if you respond to the letter and pay the fee (which is typically several times more than what you’re already paying), you are contractually agreeing to transfer your domain name to the new company. Once that happens, they make it very difficult to transfer it back out, and often in the fine print of the agreement you unknowingly entered into, they can charge you a “transfer out” fee! No legitimate registrar will ever charge you any fees outside of the domain registration fee itself.
This type of scam relies on victimizing people who are busy or just not paying attention and think, “Oh, another bill,” and throw it into a pile and write a check at the end of the week.
So be very wary of any regular postal mail that has anything to do with your domain name. It is unlikely to be from your registrar.
What’s new in the world of domain scams?
Another scam that has been circulating via email for a few years, and continues today, has to do with “trademarks” and Country Code TLDs. Country Code TLDs are the two letter domain extensions that were designated for use by specific countries, such as .us, .de, .uk, .jp, etc.
Large companies with brand names and trademarks to protect often register many of these domains in an effort to protect their primary domain. If you visit pepsi.de or pepsi.co.uk, for example, you’ll see very different sites than pepsi.com, but they are all legitimate sites run by PepsiCo.
The trademark domain registration scam attempts to get you to register a version of your domain name in different Country Code TLDs (most frequently seen these days using the .cn, .hk and .tw Country Code TLDs). There are dozens of variations of the email, but the gist of it is this:
We have been contacted by an individual or company to register the domain names:
yourdomain.cn
yourdomain.hk
yourdomain.tw
It has come to our attention that you currently hold the trademark to yourdomain. In order to protect your trademark, please respond to this email within five days. Failure to respond could result in loss of your trademark, etc., etc.
When you respond to such an email you are met with a convenient “offer” to “protect” your trademark or domain name by registering yourdomain.cn, yourdomain.hk and yourdomain.tw yourself. They prey on your fear of loss of control of your name or trademark in order to sell you domains that you don’t necessarily want and almost certainly don’t need.
In case you haven’t guessed, no one attempted to register yourdomain.cn, yourdomain.hk or yourdomain.tw. The scammers simply plug existing .com, .net or .org domains into their form letter and mass email them to millions of domain owners.
There are a couple of ways to avoid becoming a victim of one of these domain registration scammers. First, very carefully review any correspondence pertaining to your domain name. Second, enable whois protection, a service that removes your direct contact information from the domain’s whois record.
You can add whois protection to your Winhost domains in Control Panel. And always remember, if your domain is registered through Winhost, any legitimate email about the domain renewal will come from Winhost Domain Services <[email protected]>.
If you ever have any questions or concerns about your domains registered through Winhost, don’t hesitate to contact us.
Unfortunately, the legitimate companies often make this hard. GoDaddy got me to sign up for my domain by having a ridiculously low rate ($2/yr), then of course spiked it up the next year into the normal range. With every visit to their site you’re presented with a “click here to buy these domains that look like yours or someone else will”.
I’m giving serious consideration to transferring my domain to Winhost the next time it comes due.
GoDaddy is one of those companies that I used to love 10 years ago, but about 6 months ago I started moving my domains away from them. It’s enough already with the commercials and the spokespeople and the bimbos – sorry, Go Daddy girls – all of which I subsidize as a paying customer.
And on top of all that, when GoDaddy was sold it had over a billion dollars worth of debt!
Where was I…oh, I think I was agreeing with you.