Domain names: beware of misleading sales practices and fraud
Domain names: beware of misleading sales practices and fraud
It has been happening since quite a while, but recently we have again noticed a surge in scammers or companies with questionable sales practices and identical identity that are targeting SMEs that have one or more domain names.
There are many techniques that are used. We explain the most important ones and conclude with some tips.
The classical one: false invoices
The example below is already well known. This is clearly a false invoice as there is no address of the sender, the website is incorrect, and moreover it is not stated which domain name it concerns. In addition, you should always question invoices regarding domain names received from a different party than the one where you already have them. That is why it is a good idea to have all your domain names centralized with one partner, such as e.g., K-Force.
Sales by email and telephone
In addition, it happens that you are contacted by email or even by phone by a company to give you the opportunity to register a domain name with an extension other than yours, before someone else does it. For example, you have had the domain name www.thisismydomainname.com for several years now. The company that contacts you says it has received a request from one of their customers to register the domain name www.thisismydomainname.net. But they want to give you the chance to register it first. That way, your customers won’t be confused if they end up on another website via the .net extension. Here too, if you want to register this domain name, do it through your current partner and don’t trust an external party who is maybe trying to convince you under false pretext.
Moreover – and that is a clear signal – people often try to have you commit for eg. 10 years. As a domain name often only costs a few tens of euros per year, it is not really worth it for the fraudster to set up the fraud for a short time period, hence why they try to make you commit and pay upfront for a long period of time.
Domain name will expire
When you receive an e-mail that warns you that you have not yet paid for the renewal of your domain name and that you urgently need to do this (“final notice of domain listing”), alertness is again important. These emails often contain spelling mistakes or strange sentence structures. At K-Force, we usually send a standard invoice long enough in advance before the expiration date of your domain names. Suppose you forgot to pay it, then you just get reminders from us.
Domain hijackers
Another practice, but with the same goal, is trying to hijack your domain name. This also happens in several ways. The easiest way for a hijacker is to wait until you forget to renew your domain name. They then register it themselves to resell to third parties, or to yourself, but at a much higher price.
People also try to ‘steal’ your domain name more directly: the thief submits a request in your name, with falsified data, to transfer the domain to himself. Or sends you an email in which the logo and identity of your real domain name partner have been properly copied, with the request to log in or to pay an invoice. This way he comes into possession of your login details, and he can do whatever he wants. Here too, the ultimate goal is of course to capitalize on it.
After your domain name has been hijacked by fraudsters or thieves, or just another company, it is often a lengthy and expensive process affair to get it back. Because your domain name is directly linked to your company’s reputation, you often have no other choice than to cough up the requested sum.
ICANN: not everything is fraud.
For .com .biz .org and .net domain names and new extensions such as .gent .immo .shop you will receive an e-mail upon registration and annually to verify that the e-mail address with which your domain name was registered (still) is correct. You get this email from noreply@european-server.com. In certain cases of a registrar such as e.g. OVH or Combell.
All you have to do is click on the link in the email, only in this case. If you are still in doubt about the authenticity of such an email (you are not alone), please do not hesitate to ask our helpdesk for advice.
Some concrete tips
First of all, we’ll give you some tips to spot fraudulent emails. The same rules apply here as with all other e-mails: check and double check.
You can find many more tips on recognizing suspicious and dangerous emails via www.safeonweb.be
Finally, we give some best practices regarding domain names.
Conclusion
All things considered it’s a good idea to centralize the registration and management of your domain names with your IT partner. He often manages all your email addresses linked to your domain name, which only makes it easier. At K-Force we have the necessary tools to guarantee perfect service, both administratively and technically. Of course, we are always available if you have any doubts about communication you receive. It is always better to prevent than having to cure.
Do you have any other questions? We are happy to assist you! Reach out to us through one of our usual channels.