Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on January 20, 2014

So you’ve got a great domain name: Here’s how to protect it from scammers


So you’ve got a great domain name: Here’s how to protect it from scammers

Social security, drivers license, PIN and… domain names? Who would have thought, say 20 years ago, that a defining name, marked with at least two periods and three W’s would be defining characteristic of our digital profiles?

A good domain name can clearly describe who and what something is in a few characters; be it a business, organization, government, or personal blog, an owned domain name is an essential DNA building block to branding, SEO and digital presence.

Domain names have gotten more creative (or complicated, depending on how you look at it) over the past few years. The king of the domains, .com, in the past few year has been challenged by vanity URLs.

With links shortened in vanity fashion to market a company, it’s more important than ever to secure (and never let go!) of domains that could be associated with you main company site. For example, type in http://tnw.to in your search bar and thenextweb.com still comes up.

This opens the door for marketing from the beginning with simple cosmetic alterations on a domain theme. In the quest for obtaining and maintaining the optimal domain name, the stakes can be high – leaving buyers vulnerable to scams.

Take a moment to learn what to watch out for and how to protect yourself against the domain demons.

Registrar switcheroo

Domain name scams can come at you from multiple angles. The two main types of scams, as identified by the Office of Fair Trading in the UK, are registration and renewal scams.

Domain registration scams, also known as domain slamming, happens when the domain name registrar attempts to deceive the owner into transferring their domain over to them from their current registrar.

Example_of_Domain_Slamming_phishing_email_by_Network_Solutions
An unsolicited domain slamming email from Network Solutions / Wikipedia.org

The non-profit Internet Corporation for Assigned Names andNumbers (ICANN) is the governing body of keeping the Internet operational and stable by providing tech maintenance of DNS root registries and managing net protocol numbers.

ICANN introduced the safety measure of domain locking, also known as registrar-lock, in 2004. When you set the lock it prevents accidental modifications, such as transfers, from happening.

Some domains run on “EPP” code. If you as the domain owner hold the eight character authorization code required to transfer, you must willingly supply it to a domain registrar to transfer.

This extra step requires you to mindfully acknowledge what company you are transferring to. Keep you codes close!

Forget-me-not

Not as common, but sometimes the scammer, or problem, is someone you know or something you forgot. President and CEO of Workbox, Inc., Eric Weidner, has been working on the Web for the past 17 years. He’s noticed some common problems his clients have been forced to deal with.

“The most common challenge my clients have faced is losing logins to their domain name registrar service account, or having logins withheld by a disgruntled employee or subcontractor,” Weidner said. “Retrieving a lost login can be a real nuisance, and people only seem to realize they don’t have them when they need them most!”

Keep logins to your domain name registrar account information updated, safe and only shared between a few people. Always have the information distributed to more than one person in case something happens to the person or their job.

Protect thy name

Another common scam in world of domains is coming out of Asia, mainly from China. The registrar will send a company president or CEO a notification that another company is attempting to purchase domains featuring signature elements of the brand in question.

Additionally, the registrat will claim they saved the day and ethically halted the bulk registration in order for the domain owner to have a chance to purchase the domains instead. The scammer will usually put a one-to-two-week limit on the “hold.”

It’s a ploy that leverages pressure and fear of domain squatters within the company head or domain owner. When the scam goes through, it’s usually the owner attempting to protect the trademark of a company, individual or product.

Arm yourself against this scam by acknowledging that these domains in question often have different top-level domains (TLDs) such as .cn or .in instead of .com. If your company does have business or interest in Asia, take charge and register your domain with a country-specific TLD upfront.

If you are hit with an email that does look like a scam, contact your main domain name registrar that you trust. They will help you move forward with the appropriate, economical actions.

“None of my clients have been scammed to my knowledge,” Weidner said. “But, quite a few have asked me about emails that were clearly scams, and I told them to ignore them.”

Attention to detail

In the next few months, we will begin to see additional generic top-level domains (gTLDs) being registered and used in the mainstream. For example, instead of .com we will see .shop and .Chicago – and potentially other brand-centric ones like .walmart and .msnbc.

With more options for domain variation, there are also unique opportunities for scams. Say you own a website with a country code specific TLD, sampledomain.nz. Another common scam you might experience is an company taking your international domain and pitch you for renewal on one similar, such as sampledomain.info.nz.

The best defense against this is to know what domain you want and read any notifications worthy of attention closely for small details. Mark an alert on your calendar when your owned domain is in need of renewal. This way, any notifications outside of this will be noted as false.

Money back not guaranteed

If you do fall victim to a domain scam, there is no guarantee you can get your money back – whether it’s a $4.50 transfer charge or hundreds of dollars in TLD domain purchases.

Elusive scammers, false names and domain registrars based overseas make it difficult for legal action to proceed. You should file a complaint with the Federal Trade Commission if this happens. This friendly, animated video explains how!

Basics bytes

We leave you with some last notes on how to secure your domain from common scams.

1. Irrelevant information, wrong information, misspellings and inconsistencies should be a red flag that the correspondence in question about your domain name is likely a scam.

2. If you do not recognize the person or company who sent the correspondence concerning your domain name, you should likely delete immediately and flag as spam in your inbox.

3. Check the URL details of the registrant (the part after the @) who contacted you on Whois.com. Likely the registry date will have been a couple days prior. The scammer will use this URL and name for a short time before discarding for a new one to avoid getting caught or leaving a trail.

4. Whois.com will also tell you the real expiration date of your domain. Confirm that this matches the number of years you paid for.

5. Scroll to the bottom of this European Domain Centre site and utilize their directory. Check any questionable emails against their current list, the copy and paste the identified spammer email address into your email “block” list.

6. Weidner’s parting words on the subject were, “If you get an email or call that seems at all fishy, ask someone you trust with experience building and hosting websites. Also, be sure you know who your registrar is and that you have access to the login.”

Stay safe out there!

Top image credit: Shutterstock/jesadaphorn

Get the TNW newsletter

Get the most important tech news in your inbox each week.