Beware: Email Scams that Steal Domains

Email scammers are even more creative than ever -- BEWARE!!

There is big business online taking advantage of what you don’t know. Better yet, take advantage of what you won’t take the time to understand or read. We’re all rushed; not enough time in every day. Daily I hear folks who exclaim, “Too much information!” (#TMI) when it comes to technology.

That is the biggest challenge for each of us to determine what information we need to rely on, pay attention to, or simply ignore.

Know Who You Can Trust

This is where having a technology partner you can rely on to give you the straight scoop is invaluable. Not the scoop that makes them the most money, not the scoop they “think” may work or “heard” about – the scoop that is important to you and your business’ online collateral.

Remember a while back when telephone companies were accused of “slamming” customers by calling them in the guise of a customer service agent for their current provider or sending out $25 checks that you could cash?

I still see these checks occasionally, up to $40 or more. By providing your account info to these “customer service” agents or cashing that check, you inadvertently switched your carrier without a clear and concise explanation of what you were doing.

Well, if you read the fine print … but who does that?

This type of methodology has now made its way into the online arena. Say hello to domain slamming. Some send “expiration notices” or “renewals” by snail mail or email, giving the perception that they are the company you have your domains registered with – which is not the case. I get these via snail mail for my domains every week.

What you don’t know or read will be used to get you to transfer your domain unknowingly. Do you want to work with a company that relies on this methodology to gain new customers? I think not.

Not to defend these tactics, but… the devil is in the details. These companies do state the reality of their offer in the fine print. If you don’t read the print – then who is at fault? Both sides! The “registrar” using these tactics knows you won’t read the fine print. They hope you don’t remember where you registered your domain, and they count on that. The Registrant (you, the domain owner) who doesn’t read the fine print and just assumes or doesn’t verify the offer is also at fault.

Domain Lingo

So, let’s see how we can avoid this situation from the domain owner’s point of view. Let’s educate you on a couple of issues in regard to domain renewals and transfers in general:

Registrar: a company in the business of offering domain name services. Reputable companies are accredited by ICANN – The Internet Corporation for Assigned Names and Numbers. You can file a complaint as an FYI with this organization for companies they have certified that you have issues with. They cannot resolve the situation, but they do track trends and may take action if enough users complain. Registrars can obtain ownership of domains where annual renewal fees are in arrears. They can then choose to make the domain available to the public or put it up for auction. Read the fine print specific to the terms for each registrar.
Registrant: is the actual owner of the domain – you. If a domain’s ownership changes, the Registrant’s approval will be required in writing and notarized (sans not paying your annual fees). If you are not down as the Registrant for your domain, legally, you are not the owner. The individual/company listed is, and you will need to work with them immediately to get this information corrected.
Administrative Contact: is generally the individual who knows the domain system well enough to make changes to the record if need be. They can be the Registrant; however, most registrants do not understand the process well enough to be their own Administrative Contact. This is where having a consultant you can trust as your Admin. contact is recommended.
Technical Contact: is generally the individual/company responsible for the domain name servers where your domain is stored or hosted.
Billing Contact: is generally the entity that will be contacted for renewal and billing issues.
Domain registrars require a confirmation, usually by email, from an individual already on the domain’s record who is authorized to make any changes to a domain record before a change/transfer can be formalized and processed.
Transfers generally need to be initiated in advance of a 30-day window previous to the actual renewal/expiration date of the record to be successful. Many registrars have a 30 to 15-day “lock-out” date any requests made under that window will not be honored.
Changing Domain Registrant Details will cause a 60-day lock on the domain, preventing it from being moved or transferred for 60 days. This is an attempt to prevent your domain from being transferred from your account without your knowledge.

Domain Slamming?

Now that we have some of the verbiage out of the way let’s get to the crux of this article. Domain slamming.

Top registrars do not send snail mail “renewal” letters to registrants that have domains registered with other registrars stating that their domain is up for renewal. The more astute registrars have backed off these practices due to widespread complaints claiming deceptive practices.

What happens? Businesses do not realize that the letter is NOT from the company they originally registered with and end up unknowingly transferring their domain. In some cases for a bunch more than you are currently paying. If someone familiar with domain renewals/transfers does not handle this process properly, you could cause your website to go offline or, worse yet, lose ownership of your domain(s).

Proceed with Caution

Stop right now and make note of who your official domain registrar of record is. Then if you receive via email an “IMPORTANT NOTICE” or “DOMAIN EXPIRATION NOTICE” from any “registrar” other than yours — hit delete.

Regardless of their claims of you missing an opportunity or having to spend more money later – ignore them. Their “notices” are created to give you the impression that they are the original registrars offering you a deal. You send your check, confirm by email, and your domain gets transferred to them, and you are then their customer. Worse yet, if you realize the error you made, just try to get them to provide a refund or resolve the situation in a friendly and professional tone. Based on my experience, that won’t happen.

Unless the communication is from the company you originally registered your domain name with and you know that for a fact – most likely, the communication is nothing more than a sales letter trying to entice you away.

Most domain record information is publicly available for you to search using a WHOIS service — here’s GoDaddy’s. There is no reason for you not to know where your domain was registered or who is on your contact information.

Take Action Now

Protect yourself from companies that will assume you will not double-check their claims. Take the time to note where your domains are registered, read the fine print, and partner with a consultant you know can be your advocate on such issues. Because, as you know, with Information Technology – information is power – but only if you use it.