Common Domain Scams
Domain Slamming
Domain slamming, which has been around the longest, is used effectively by unethical domain name registrars to exploit unsuspecting recipients. These unscrupulous companies send out invoice-like notices either by email or in the mail asking you to renew your domain name registration. Usually these communications include urgent statements about the time for renewal running out and dire warnings about what will happen if you do not act immediately. These messages are often sent out by official sounding organizations like the “Domain Registry of America”, which falsely reassures the targeted individual that the request is a legitimate bill from their current registration company or from another trustworthy registrar. All too often the recipient doesn’t look closely at the official-looking notice and simply takes care of the bill, not realizing that they are actually paying to register their domain name with a completely different company. In addition, the prices for their services are much higher than what they would pay with honest domain registrars.
Website Listing Services
Another common domain name scam involves a similar invoice-type document requesting payment for “Website Listing Services.” One company called Domain Listings has sent out a form listing impressive sounding services such as “domain name submissions to the leading search engines and social media sites.” It also promises that the domain name will be “listed” for 12-months on high-traffic websites. However, experts say that these services are basically worthless or can easily be done by the domain name owner independently. In some cases, these efforts may actually do more harm than good for the website as it could lead to the loss of your company’s domain name and result in your website being down for a time. Such a situation can have serious financial consequences for your business. More likely these companies will do nothing more than collect a hefty payment for a useless service.
Chinese Domain Name Scam
The latest and more insidious type of domain name scam, however, involves emails sent out primarily by Chinese domain registration service companies. These emails warn the recipient that another company is attempting to register multiple domain names that contain the recipient company’s name or trademark information. The messages describe the situation as urgent and strongly recommend that the domain name owner quickly register multiple similar domain names to protect their trademark or brand. The messages usually also stress that their organization has blocked these competitive registration efforts temporarily, but they need prompt action from the recipient to halt this process. These scammers hope that the domain name owner will fall victim to the fear of losing their brand identity or trademark information to a competitor and purchase some or all of the new domain names. In addition to winning business through false pretenses, these companies charge prices that are usually far above the standard rates offered by reputable registrars.
Simple Steps to Take to Avoid Domain Name Scams
Note exactly when your company’s domain names will expire and which company is your registrar.
List three different employees under your ICANN WHOIS registration for Registrant Contact, Admin Contact, and Tech Contact. In this way, all three contacts will receive official reminders of when your domain name registration is scheduled to expire.
Only renew your domain name registration through the company where it was originally purchased. Never use any intermediaries. Renewing your domain name far in advance or for longer periods will help you avoid receiving unwanted registration renewal notices. If your domain is managed by Integer, we will take care of renewal for you automatically.
Use the domain locking feature from your registrar: most registrars provide an optional domain lock feature that prevents your domain name from being re-registered anywhere else without express permission from your company. When you register or transfer your domain to Integer, this is automatically done for you.
Never share personal or sensitive information with any unknown or suspicious companies or individuals.
Your company’s leadership team needs to remind employees frequently to be aware of new scams and to ensure that all staff are trained on proper internet and email protocol. One example of proper behavior that should always be followed: never click on links or open attachments from any unknown or suspicious sources.
Your company’s leadership team needs to announce the latest scams they learn about with accurate descriptions and warnings. They should also provide clear instructions on how employees can avoid falling victim to these scams. They must also encourage all staff to share any new scamming attempts they encounter to help educate and protect the entire company.
Common Email Scams
Spoofing
Spoofing is the creation of email messages with a forged sender address (often it will look like it is coming from your email address to you). Because the core email protocols (for all emails from all providers) do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message. These emails often ask for money in form of bitcoin and threaten to send inappropriate materials to your contacts using your email if the ransom is not paid.
Unfortunately, there are no definitive ways to prevent someone from harvesting your email address from the internet somewhere and using it for spam. We recommend changing your email password as that will cut off any connection a third party may have to your email account. If you think your email account has been compromised, you should run a full system virus scan on your computer and then reset your email password, in that order.
Phishing
"Phishing" is where digital thieves lure you into divulging your password info through convincing emails and web pages. These phishing emails and web pages resemble legitimate credit authorities like Citibank, eBay, or PayPal. They frighten or entice you into visiting a phony web page and entering your ID and password. Commonly, the guise is an urgent need to "confirm your identity". They will even offer you a story of how your account has been attacked by hackers to lure you into entering your confidential information.
The email message will require you to click on a link. But instead of leading you to the real login https: site, the link will secretly redirect you to a fake website. You then innocently enter your ID and password. This information is intercepted by the scammers, who later access your account and fleece you for several hundred dollars.
This phishing con, like all cons, depends on people believing the legitimacy of their emails and web pages. Because it was born out of hacking techniques, “fishing” is stylistically spelled "phishing" by hackers.
Tip: the beginning of the link address should have https://. Phishing fakes will just have http:// (no “s”). If still in doubt, make a phone call to the financial institution to verify if the email is legit. In the meantime, if an email seems suspicious to you, do not trust it. Being skeptical could save you hundreds of lost dollars.
Nigerian Scam or 419
This email is supposedly from a member of a Nigerian family with wealth. It is a desperate cry for help in getting a very large sum of money out of the country. A common variation is a woman in Africa who claimed that her husband had died and that she wanted to leave millions of dollars of his estate to a good church.
In every variation, the scammer is promising obscenely large payments for small unskilled tasks. This scam, like most scams, is too good to be true. Yet people still fall for this money transfer con game. They will use your emotions and willingness to help against you. They will promise you a large cut of their business or family fortune. All you are asked to do is cover the endless “legal” and other “fees” that must be paid to the people that can release the scammer’s money.
The more you are willing to pay, the more they will try to suck out of your wallet. You will never see any of the promised money because there isn’t any. And the worst thing is, this scam is not even new; its variant dates back to 1920s when it was known as 'The Spanish Prisoner' con.
Lottery Scam
This scam will usually come in the form of a conventional email message. It will inform you that you won millions of dollars and congratulate you repeatedly. The catch: before you can collect your “winnings”, you must pay the “processing” fee of several thousands of dollars.
Stop! The moment the bad guy cashes your money order, you lose. Once you realize you have been suckered into paying $3000 to a con man, they are long gone with your money. Do not fall for this lottery scam.
Simple Steps to Take to Avoid Email Scams
The first rule is to not respond to something that you think is fraudulent. If it happens at work, report it to your security team and your supervisor and let the company figure out the best course of action.
If it seems to good to be true, it probably is!
If scam email comes in your personal email, the best course of action is to just delete it or mark it as spam if your email provider has that option.
Never share personal or sensitive information with any unknown or suspicious companies or individuals.