Don't Fall for This Domain Name 'Expiration' Scam

If, like me and my clients, you ever receive an email about a domain name expiration, proceed with great suspicion -- because many of these "notices" are a sham. They're designed to sell you services you don't need or to trick you into transferring your domain name to another registrar. Usually, the emails can safely be ignored.

In one scheme, an important-looking email from "Domain Service" refers to a specific domain name in the subject line. The body of the email states that it is an "EXPIRATION NOTICE." However, the finer print states that the expiration is not for the domain name registration itself but instead for "search engine optimization submission" -- services that the recipient of the email has never purchased (and probably doesn't want).

Many recipients of these emails likely click the payment link thinking they should do so to ensure that their domain names don't expire.

While this is obviously misleading, it isn't new.

In 2010, the U.S. Federal Trade Commission warned about these frauds in a press release titled "FTC Halts Cross Border Domain Name Registration Scam." The FTC said:

The Federal Trade Commission has permanently halted the operations of Canadian con artists who allegedly posed as domain name registrars and convinced thousands of U.S. consumers, small businesses and non-profit organizations to pay bogus bills by leading them to believe they would lose their Web site addresses unless they paid. Settlement and default judgment orders signed by the court will bar the deceptive practices in the future.

 

In June 2008, the FTC charged Toronto-based Internet Listing Service with sending fake invoices to small businesses and others, listing the existing domain name of the consumer’s Web site or a slight variation on the domain name, such as substituting “.org” for “.com.” The invoices appeared to come from the businesses’ existing domain name registrar and instructed them to pay for an annual “WEBSITE ADDRESS LISTING.” The invoices also claimed to include a search engine optimization service. Most consumers who received the “invoices” were led to believe that they had to pay them to maintain their registrations of domain names. Other consumers were induced to pay based on Internet Listing Service’s claims that its “Search Optimization” service would “direct mass traffic” to their sites and that their “proven search engine listing service” would result in “a substantial increase in traffic.”

 

The FTC’s complaint charged that most consumers who paid the defendants’ invoices did not receive any domain name registration services and that the “search optimization” service did not result in increased traffic to the consumers’ Web sites.

And, in 2014, ICANN issued a similar warning, "Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails." In its alert, ICANN said:

Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to "click here" to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN's branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.

Here are some simple steps to avoid falling for these types of scams:

  • Check your domain name registrations to ensure that the email contacts in the "whois" records are accurate and that, in the case of domain names owned and used by companies, only current personnel educated about the domain name system are listed as contacts (because the fraudsters send their notices to contacts in the whois records).
  • Don't click on any links in a suspicious email about a domain name "expiration." These links typically contain tracking technology that enable the sender to identify the simple fact that you have clicked -- which could increase the likelihood you will receive further notices or spam.
  • If you are truly concerned that a notice may be legitimate or that your domain name may be at risk of expiring, simply check its expiration date in the whois record. Then, confirm with your current registrar that the domain name is set to auto-renew (if desired) and that your payment information is accurate. If you plan to keep the domain name for a long time, consider renewing it for the longest possible term (often 10 years).
  • Set your domain names's lock status (at your registrar) to help prevent unauthorized transfers. To see whether your domain name is locked, look for a status such as "clientTransferProhibited" in the whois record.
  • And, of course, simply delete any suspicious "expiration" emails.