As we’ve explored in our previous article about new privacy regulations coming into force in Europe, security concerns are growing around the world. Closer to home, scams involving domain names are not new, but have been increasing at an alarming rate. As a domain owner, you may have already come across some of these scams, commonly referred to as Domain Name Slamming.
The Fake Bill Scam
This scam is the most popular version of ‘domain name slamming’, a type of con that focuses on overcharging or falsely charging domain name owners.
The ploy: The letter begins by informing you that your domain name(s) will be expiring in the near future. It continues with a list of prices for renewal over different time periods and ends with a tear-away payment stub to ‘renew’ your domains.
The message: Though the letter looks and feels like a bill, closer inspections shows that that they are actually asking you to change the company you register your domains with but buries that information among statements like, “Failure to renew your domain name by the expiration date may result in a loss of your online identity”.
These tactics give a sense of urgency, confusing individuals into paying up to 3 times the price of a standard domain renewal. Clients that get baited by the offer may also end up losing access to their websites and emails for prolonged periods of time.
Variations: Over the years, they used many different names to continue their shady practices:
- Brandon Gray Internet Services (this is the parent company which has had its certification as a .CA registrar revoked)
- Domain Registry of America
- Domain renewal Group
- Domain registry of Europe
- and plenty of others!
Regardless of name and flavor, they all follow a similar practice of mass mailing unsuspecting domain owners. The templates and logos may vary slightly, but the principle remains the same.
Interesting fact: CIRA has been working diligently since 2011 to decertify and halt this provider’s dubious practices. A detailed affidavit describing this process is available online.
UPDATE: We attempted to contact DROC for a comment, but our efforts failed as the phone service only directed us to leave a message on a voicemail system that – surprise, surprise – was already full.
Fear the Competition Scam
These scams also rely on a sense of urgency combined with a fear of losing out to the competition.
The ploy: Generally sent through email, these types of scams are not looking for you to transfer your domain name but to purchase the same domain with a different extension. They usually imply that your domain name ownership is under question (this is generally not the case), and “conveniently” recommend that you pay for the new registration yourself to protect your brand and copyright abroad. These scams are designed to scare people into paying rather than spending time and resources on a ‘legal matter’ involving international law.
We are a Network Service Company which is the domain name registration center in China.
We Received an application from Hualong Ltd on (date). They want to register “(yourdomainname)” as their internet keyword and
But after checking it, we find “(yourdomainname)” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not.
(The Scammer) / Service and oporations manager
The message: Seemingly written by a company in China, the email warns you that a there is a mysterious competitor that is trying to purchase a variation of a domain name that you own, usually with a different extension, such as .com.cn. As there is a potential copyright conflict, you will be given the option to contest their registration and secure the domain yourself before the competition.
Variations: These scams come in many different ‘styles’.
Here is a list of some of the ‘businesses’ that have been documented as fear the competition domain slammers.
How do These Companies Obtain my Information?
The WHOIS database is a massive collection of information on who owns most domain names, including detailed contact information of its owners and administrators. Since it’s a public database, certain dubious companies have unfortunately made it their business to scrape its data and store the information they need to solicit unsuspecting domain name owners.
Luckily, there are ways to protect yourself.
How Can I Protect Myself from Domain Slamming?
There are three main ways to safeguard your interests against domain slamming.
- Activate Privacy protection to shield your personal information on the WHOIS, making it inaccessible to spammers and scammers. Individuals registering .CA domains receive this protection by default, for free.
- Be vigilant and trust your instinct. If it sounds fishy, it likely is! Read through the content diligently and if in doubt try to Google search the company’s name or email address. If the results involve a lot of talk of scams, it’s a scam.
- When you receive a scam email, mark it as spam in your inbox and forward it to firstname.lastname@example.org. This will train antispam filters and reduce the number of messages of this type in the future.
If you receive a scam email or letter, or have been the victim of one of these scams, remember you are not alone!