Domain name scams: be very careful!
There are many domain frauds in which fraudsters use your domain name as bait to deceive you. We list some specific cases of domain name scams as a warning, and provide some tips on how to be on your guard and protect your domain.
Attempting to defraud with false invoices
One of the forms of domain fraud is the sending of false invoices. The sender is usually a company with a name that invokes trust, such as ‘.be domain hosting’ or ‘.be registrar’. The invoice states that your domain is about to expire and that you have to pay a sum of money.
If you examine the invoice carefully, however, you may notice some elements that should arouse your suspicions, such as a non-existent address of the sender, a website that is incorrect, or the lack of further information about your domain name. The conclusion is simple: if you receive an invoice for the renewal of your domain name from any company other than your own registrar, such as Combell, just throw it straight into the wastepaper basket!
Sales pitch on the phone
Another rogue practice involves being contacted on the phone by a company – a scam that is often tried on with companies that also have a registered trade name. The telephone caller claims to have been instructed to register a certain domain with the .eu or .com domain extension. And coincidentally, you happen to have the same name but with the .be extension! The company wants to give you first choice for registering this variant, but you will have to register it immediately for 10 years...
Do not do it! The company behind these phone calls is not a regular registrar and it is therefore highly doubtful that your registration will actually be valid for 10 years...
But who knows – that telephone call might get you thinking that perhaps it would not be such a bad idea for you to register your domain name with that other extension. But do it through a reliable registrar, like Combell. If you have several domain names with us, you can manage them centrally from one control panel. Handy!
Check out which extensions are still available for your domain name:
A threat about the expiry of your domain name actually turns out to be an SEO offer
Yet another fraudulent technique in which your domain name plays a big role: the ‘final notice of domain listing’. In this version, you receive an e-mail from which it appears that you have forgotten to pay your domain registration fee. And there is a risk that your domain name will be deleted.
If you look more closely at the e-mail, you will notice that it has nothing to do with your domain registration: it is actually an offer to register your domain name in search engines. With the threat: if you do not take up the offer, search engines will not be able to find you. Which is, of course, sheer nonsense. The proper place for this too is in the (digital) wastepaper basket!
Domain hijackers are monitoring your expiry date
Your domain name may face other dangers. For example, domain hijackers, otherwise known as cybersquatters, are always lying in wait. If you forget to renew your domain, they are ready to register that domain name immediately for themselves. And then sell it on to third parties – or to you yourself, but for a hefty price!
Domain theft is also common practice: a thief may request a domain transfer on your behalf to himself using falsified documents. Or send you an e-mail in which the logo and identity of your real registrar have been cleverly imitated, and which asks you to log in or to pay an invoice. Once in possession of your login details, the crook can carry out all kinds of fraudulent practices.
We are sorry to say that even Combell’s name has been misused in this way – read ‘Fake emails sent out in our name’.
The process of getting back your domain once lost or stolen can be a lengthy and expensive business. And because your domain name is your most precious asset in the digital world, you are often left with no choice but to pay the domain hijackers...
Here is how you can protect yourself against domain name scams
Prevention is better than cure. So here are a few tips to avoid being the victim of domain fraud.
Elements in e-mails or invoices that should start alarm bells ringing:
- Transformed links in the e-mail: hover your cursor over a URL in the e-mail and a completely different address appears – e.g. https://combell.com.registreren.fraude.com in place of https://combell.com
- The urgency: using this as a threat, the fraudster hopes you will quickly accept his offer without reading the small print
- The offer for multiple years: the fraudster knows very well that you are aware of the price of a domain registration – usually just a few tens of euros for which it would not be worthwhile setting up the fraud. Hence his offer to register the domain name at once for several years so that he can haul in a bigger prize
This is how to defend your domain name against fraud or theft:
- Keep a careful eye on the expiry date of your domain name. Combell will send you the payment request in good time, by post and by e-mail. Moreover, via the handy Combell control panel, you can check for yourself the date up to which your registration is valid.
- Renew your domain on time. Do not wait until the last moment to carry out the renewal. And why not register for a longer period so that you can relax for at least 5 years?
- Check at DNS Belgium or at a Whois service whether the contact information for your domain(s) is correct. If not, contact the Combell helpdesk to have the information updated.
- Make sure that you are declared as the owner (‘registrant’ or ‘domain name holder’) of your domain name. Avoid having your web developer or marketing company declare itself as Domain Name Holder. The domain name holder should be the owner of your company himself or a suitably authorised internal employee of your company.
- Do not use a free e-mail address, like a Hotmail address, for the contact information. Because if you do not use that address for a long time, it will be released so that others can register it. Cybersquatters could then hijack your domain.
- Equally, you should not use an e-mail address on the domain name itself for the contact information, but rather an external e-mail address. If a fraudster hijacks your domain name, he can also redirect your e-mails to himself…
- Do not click on web links in any e-mail about your domain name that do o’t originate from your registrar. Only your own registrar will send you a request for renewal. In case of doubt, please contact your registrar.
- Add the domain name of your registrar to your ‘trusted senders’ in your spam filter. This will ensure that you do not miss any important e-mails from your registrar!
- Do you suspect an attempt at domain fraud? If so, please notify our helpdesk so they can look into it and if necessary put out an alert to the other Combell customers. You can also inform the police about domain fraud via the Police hotline or the Economic Affairs service hotline.
Tip: For most extensions, Combell allows you to enable free transfer lock in your control panel as an extra protection against people who want to steal your domain name. As long as this lock is enabled, your domain name cannot be transferred.
If you want to transfer your domain name, you will need two things:
- a transfer code that you can request from the registrar and receive by e-mail (for most extensions)
- disabling the transfer lock in your control panel
Suppose someone manages to intercept the e-mail with your transfer code, for example by accessing your mailbox or by pretending to be a colleague… In that case, there is still something that person will not be able to do in your control panel, meaning your domain name cannot be hijacked.
If you follow these tips, you can relax: it will not be easy for a fraudster to lead you up the garden path and your domain will be safe from hijackers. Do you have any questions or problems, or have you noticed something suspicious? Please contact our employees who will be happy to assist you further!