Recently, The Loop Marketing has been asked by an increasing number of clients whether the letters they have received in the mail about their domain registrations are real. In each case, these letters are not from the actual domain registrar. Instead, they are sent by companies who are misrepresenting themselves as the domain registrar of a business.
What kinds of businesses are getting fraudulent or misleading domain renewal letters?
In the United States, companies that register domain names are required to renew them on a yearly basis. The Internet Corporation for Assigned Names and Numbers (ICANN) is an organization that manages this process for many of these registrars and also audits some who do not follow their rules properly.
One way in which scammers target unsuspecting businesses is to mail letters that simply read “renew your domain,” even though they aren’t from the businesses’ current registrar. These letters look legitimate and often use an official looking domain registrar’s logo.
These companies find information about a business by purchasing it from data brokers who collect domain information via public records. They are able to find out when domains are actually set to expire from a tool called “Whois” and time their letters appropriately to land in the post before the actual renewal notices get sent via email.
Why do companies send misleading domain renewal letters?
The practice is often called “domain slamming.” Businesses mistake these letters for real messages from their current domain registrar. When the business fills out the forms included in the letter to renew their domain registration, it is actually transferred to a different vendor who can charge exorbitant fees in excess of 10 times the common registration rate. They can also attempt in the fine print to attach other products as well, such as local listing services.
These letters look real because they are printed on an official-sounding letterhead. These domain renewal scams often use tactics like putting in a fake payment stub with the business’ name and information, hoping that businesses will send them money without checking to see if it is real or not. They might even include an official-looking contract claiming the business has agreed to continue using the company’s services, and that they can cancel the renewal at any time.
To cover themselves, there may be some very fine print that reveals the true nature of the letter. But who among us actually reads all of the fine print?
How do you know if a domain renewal letter like this is real?
The domain registration governing body actually keeps track of domain registrars who violate their policies and procedures for managing domains. But, there are also some telltale signs to watch out for when looking over these letters:
- First and foremost, because of the sheer amount of domains that real domain registration companies manage, it is extremely rare for real registrars to send renewals in the mail because the cost would be too high. In our experience, 100% of domain renewals are handled through email. Therefore, renewals by “snail mail” are almost certainly part of a domain slamming scheme.
- Make sure that the domain name and company on your letter match up with your records. Make a note of your actual domain registrar in a folder or file somewhere. Check your previous credit card or bank statements to find previous charges and compare the company names.
- Be wary of companies who make you pay in cash or check by mail instead of credit card online. It is harder to track cash and check payments which means there’s more room for fraud. While one should certainly be careful when providing credit card information online, credit card companies offer some protections and the ability to create chargebacks.
Train your administrative staff
These fraudulent companies rely on the high volume of real invoices that come to small business offices in the mail. They often hope their misleading renewal invoice is opened by an office administrator or accounts payable department, who may not verify the authenticity of every bill before cutting a check.
Train your administrative staff to be on the lookout for suspicious bills in the mail. It is in your best interest to have a policy requiring employees to check with you before they send money to domain registrars. Alternatively, have them check with the accountant or other administrative staff members who might know about company policies instead of simply sending a check when they receive these types of letters.
Lock your domain
Many mainstream domain registrars have a “domain lock” feature that prevents any transfer unless an authorized user calls or makes the change through an authorized online account. Transferring your domain then becomes much harder to do without authorization.
What should I do if I get a fake domain renewal letter?
It is tempting to simply discard it, but it can be useful to save it to show other employees what to keep an eye out for.
Can I report domain slamming notices?
Yes and no. While you can make a complaint to the ICANN, which is the authorizing body for domains, the fine print likely will shield a domain slammer from any legal issues. ICANN can revoke the offending registrar company’s accreditation if they find that the company has violated the Registrar Accreditation Agreement. If you have received these domain slamming letters, you can file a complaint here.
What can I do if I have fallen for a domain slamming scam?
Unfortunately, if you have followed the letter’s instructions and sent payment, resulting in a domain transfer, your have limited options. It may be difficult to contact the “new” domain registrar as they are likely only set up for the purpose of deception. There will likely be no customer service department.
It may be possible to work with a reputable mainstream domain registrar or your previous registrar to try and reclaim the domain. However, since the fine print may actually protect the domain slammer in some ways, the “new” registrar may demand early termination fees before transferring your domain.
Protect yourself and help others
Awareness of this practice is always the best defense. Be vigilant, but also make sure you let other business peers in your network know that they, too, might be a target. When the scams become unprofitable for the scammer because nobody falls for them anymore, they may stop.
Looking for help with your website? Check out The Loop Marketing’s website design and development services, and contact us to get started creating or redesigning the website of your dreams today!