Let’s talk a little about phishing scams, specifically fraudulent invoices or letters sent via e-mail or snail mail that ask for payment to renew your domain, website, or a related account. These come under many different “company names” and usually carry an urgent message meant to get you to act quickly out of fear of losing your account. If you are questioning whether a letter you’ve received is legitimate or a scam, be sure to look into the details at length before acting upon it. I assure you, there are many scams out there, and we don’t want you to fall victim.
Most of these scams threaten your domain name, so first look for your registrar’s company name (or that of any other marketing or website company you may be using to manage your website). The registrar is the company you bought your domain name from (like GoDaddy, Namecheap, HostGator, etc.) and pay an annual fee to. If you don’t find it anywhere on the letter and don’t recognize the “company” name, which is often the case in the ones we’ve received, you know it’s a scam. You can always double-check by contacting your registrar or website designer to see whether they sent it.
Take a look below at one of the many phishing e-mails we’ve received about one of our domain names (we’ve hidden the domain name for client privacy). As you can see, they don’t even state a company name, but they have set the letter up to give the impression that we’ll lose our domain/website if we don’t make this payment. Notice that the very light gray small print at the bottom states “THIS IS NOT A BILL OR INVOICE. THIS IS A SEO PURCHASE OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS PURCHASE OFFER.” We also don’t recognize the e-mail address it was sent from and have never done business with them.
There are two common ways they would have gotten your information: from your website or your WHOIS records.
If your e-mail address is listed on your website, it is an easy source for scammers to use. This is one good reason to use contact forms on your site: they let you keep your e-mail address off the website yet still allow potential customers or users to contact you via e-mail.
But usually scammers know more than just your e-mail. When a domain name is registered, details about that registration are made public, such as the contact name, address, and phone number of the person or organization registering the domain name, as well as other details such as the name servers the domain is hosted on, when the domain name was created, and so on. Any “Who Is” search for a domain name will show these public records. Check out what information your (or any) domain shows at ICANN’s WHOIS: https://whois.icann.org/en
If you find your information is public and you would rather it be private, domain registrars and other companies offer services that substitute their contact information for yours to protect you from scams and the like. Oftentimes this is called “private domain registration”; check with your registrar to see what they offer. Otherwise, if a website company manages your website, ask them how your information can be made private so spam and scams don’t fill your inbox and mailbox.
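The two checks described above (which contact details a WHOIS record exposes, and whether a letter names the domain's registrar) can be automated over the text of a WHOIS lookup. The Python below is an added example, not part of the original article; the sample record, the field names it looks for, and the list of privacy-masking phrases are constructed assumptions.

```python
import re

# Constructed WHOIS record for illustration; all names and contact data are made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:11:12Z
Registrant Name: Jane Doe
Registrant Street: 123 Main St
Registrant Phone: +1.5555550100
Registrant Email: jane@example.com
Admin Name: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar
Name Server: NS1.EXAMPLE.NET
"""

CONTACT_FIELD = re.compile(
    r"^(Registrant|Admin|Tech|Billing) (Name|Organization|Street|Phone|Email)$")
# Assumed phrases that indicate a masked value; actual wording varies by registrar.
MASK_MARKERS = ("redacted", "privacy", "proxy", "not disclosed", "please query")

def parse_whois(text):
    """Return (field, value) pairs from the 'Field: value' lines of a record."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs

def exposed_contacts(text):
    """Contact fields whose values are publicly readable (not masked)."""
    return [(k, v) for k, v in parse_whois(text)
            if CONTACT_FIELD.match(k)
            and not any(m in v.lower() for m in MASK_MARKERS)]

def registrar_of(text):
    """Registrar named in the record, or None if the field is absent."""
    return next((v for k, v in parse_whois(text) if k == "Registrar"), None)

def letter_names_registrar(letter_text, whois_text):
    """True if the letter mentions the domain's registrar by name."""
    registrar = registrar_of(whois_text)
    if not registrar:
        return False
    core = re.sub(r",?\s+(Inc\.?|LLC|Ltd\.?)$", "", registrar, flags=re.I)
    return core.lower() in letter_text.lower()
```

A letter that does name the registrar is not thereby proven legitimate, because the registrar is itself listed in the public record; confirm with the registrar directly before paying.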
Scams are annoying, but it’s important to know your vendors, your payment schedules, and how websites work at a basic level to avoid falling victim to them. To help reduce the influx of scams and spam, keep your information private by not displaying your e-mail address directly on your website (use a contact form instead, with a SecureID or similar spam-filter system) and by having a private domain registration. A good e-mail client will go a long way as well, segregating known spam e-mails so you don’t have to waste time on them. Although taking all these measures greatly helps manage and cut down on spam, they unfortunately won’t get rid of it completely; scammers are always looking for new ways to get you. Thus, being well-informed on how to spot scams and deal with them correctly when they do slip through the filters is key.