Domain Registry SCAM- Don’t fall for this!

Domain Registry

Domain Registry ScamBeing in the business for 15+ years, I have spotted quit a few scams. Whether it is in your email or snail mail – these guys are creative. There is a reason why this is a mulBe well iti-billion dollar industry.

My business owns  around 20 domains, so getting phished or scammed is a daily occurrence. In particular, I have been getting these “Domain Registry” letters/invoices in the mail lately.  Since I am knee deep in this business, I know exactly where my domains are registered.  However, this doesn’t mean my clients know where everything lives. Especially when you have too much technobabble to sift through…, like DNS, Registrar, ICANN, Nameservers, etc..

 

First and most important: Ask Questions

The one thing I would ask users would just be aware of these! Ask questions and double check with your webmaster to make sure who your Domain Registrar is. If you own a domain, you are probably paying it once a year or once every other year. However, most of your dialog and invoices will be communicated online via Godaddy, Hover, Network Solutions, Google.. etc.

If you actually have the time to read the small print in these “faux invoices”, they actually say “This notice is not a bill..“.

For most general people and how busy they are, they quickly scan invoices and forward items to accounting pretty quickly. This easy mistake can be avoided by just taking a few minutes and reading the entire document.

What if I paid this?

Unfortunately, their BBB rating is very low and getting refunded will most likely not happen. This trickery is frustrating for the normal users out there. You are most likely out-of-luck.

What can we do?

A great question! The #1 thing that you can do is be well prepared on knowing where things live in your ecosystem or set up. Staying organized and making sure you know what you are paying for before writing that check. Checking or hiring a webmaster to consolidate your digital business framework under their umbrella. Take time to read the document before sending the check and to double check with your webmaster or the domain registrar that you thought you had. These small organizational punch items will help you and your business from being scammed.

Email and Phone Calls

Not only do scams come in snail-mail, but a large part of scams that I receive are phone calls and emails.  Phone call scamming has been such a frustrating and hourly occurrence that it leads me to NEVER answer my phone anymore. That is probably the number one thing you can do for prevention for phone calls.  Either using a screening app ( like Google Voice ) or just letting the message go to voice mail. The fact of the matter is if the person has something important to say, they will leave a message. Also, large corporate companies like Microsoft will NEVER call you. Also, banks or credit cards will also never ask for your social security number, username and or payment information over the phone. Never give remote access to anyone over the phone if they called you. If you have a tech challenge, then make sure and CALL the correct number for your support.

For Emails, these are a bit different and they come in all different sizes and shapes. These emails are getting harder and harder to identify as scam and or a phishing attempt. There are thousands of these and I can not give you an example of each. I can however give you my advice and what I do.

  1. Don’t click on links in your email. There are a lot of emails coming in that might look like your bank or credit card company asking you to login to their system. Once you click on this link, the landing page can look identical to your financial institution. However, if you look at the SSL certificate and or the URL, it will not match the financial name. It will usually be a sub-domain that has a financial name in the url, like “wellsfargo.scammysite.com”. Again, a quick glance at the URL will probably be pretty close to what you expect. However, if proceeding to enter your username and password, you will basically be giving these guys full access to your account because you just provided these details to them. Of course, you will not be able to log in, it will have some sort of error, but at this point it doesn’t matter, because the bad guy already got what they need.
    • If you ever are wondering about a problem with your financial institution, then just call them or go to your browser and type it in manually.
  2. Use an authentication method. 2nd factor authentication (SMS) is better then nothing, however, this still isn’t the best line of defense. You can still get a man-in-the-middle attack. Some of these guys can retrieve the SMS message before it reaches your phone. The best line of method is using a authentication app of some sort. I use LastPass Authenticator. Once this is set up, it creates a single sign on authentication to provide you easy access to your important passwords and data.
  3. NEVER REUSE PASSWORDS! This should be a given, however it still needs to be emphasized. Why is this important? Well, lets say you sign up for an online forum. And you use your “same” password for that user group. Well, if that database gets breached and your data gets leaked, then guess what. The bad guys will use that email and password to try and get into all of your important accounts: email, banks, credit cards, financial websites, social media .. etc. So as you can see, this can lead to a takeover. Not fun.
  4. GET a PASSWORD MANAGER! Setting yourself up with a good password manager will help you generate long and UN-guessable passwords for all of your sensitive websites. The best part about it, is you don’t need to remember each of these passwords. You only need to authenticate yourself for each session to prefill your long password for each website. Make sure you create a tough master password for this account. You want it to be longer and mixed with symbols, uppercase, lowercase and numbers. Get unique with this for it will be the “last password” you will have to remember ( oh yeah, did I mention to turn on authentication too ).

To wrap this up, I just want to remind you all to ask questions when opening emails, invoices and answering phone calls. If something doesn’t feel right, then it probably isn’t.  Get your self organized and be well informed with these tactics. If all else fails and you are too busy to keep things organized, reach out and hire a good webmaster!

1 reply
  1. Joanne Jacquart
    Joanne Jacquart says:

    Thanks for the info, Josh! The Domain Name “invoice” we got, I just knew it wasn’t for real.

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.