Pin It

How to: Protect Your Domain Name from Scammers

When you thinking about online security, you probably think about how to keep information like your social security number, PIN, or banking details safe from scammers. But if you have a website, it’s time to add a new item to that list: your domain name.

Whether your site is for a business, charity, or personal blog, your owned domain name plays a crucial role in your branding, SEO, and overall digital presence. Web surfers are presented with a massive number  and variety of domains competing for attention. With over 20 billion webpages indexed by Google at the time of writing (!) and the  rise in “vanity urls’ (links shortened in vanity fashion to market a company), it’s  important to lock down – and continually protect – domains that could be associated with your main company site.

The high stakes surrounding the processing of getting the perfect domain name can leave even a savvy business person vulnerable to scams. Here is what to watch out for and how to protect yourself:

The Switch and Bait

What it is: The two main types of scams are registration and renewal scams. Domain registration scams, or ‘domain slamming’, is when the domain name registrar tries to trick the owner into transferring their domain over to them from their current registrar.

How you can protect your domain: The non-profit Internet Corporation for Assigned Names and Numbers (ICANN) introduced domain locking, also known as registrar-lock, in 2004. By setting the lock you prevent accidental modifications, such as transfers, from happening. This extra step requires you to acknowledge what company you are transferring to.

It’s All in the (Forgotten) Details

What it is: The problem might be someone you know, or something you forgot. This can happen if logins are withheld by a unhappy employee, of if the logins to a domain name registrar service account are lost.

How you can protect your domain: Getting back a lost login can be a a tricky process, so keep logins to your domain name registrar account information up-to-date and safe. It’s best to share the login details with only few people, so in case something happens to the person or their job, the details can be retrieved.

Defending Your Good Name

What it is:  The registrar sends a notification that another company is trying to buy domains featuring signature elements of the brand in question. Then they claim that they have helped you out by putting a stop to the bulk registration so that you, the rightful domain owner, has the opportunity to buy the domains instead. The scammer will try and pressure you by putting a time limit, usually one-to-two-week, on the “hold”.

How you can protect your domain: Take note that these domains often have different top-level domains (TLDs) such as .cn or .in instead of .com. If your company does  business in Asia, go on the offense and register your domain with a country-specific TLD. If you do get an email that looks scammy, your main domain name registrar can help you with the appropriate action.

Takeaway Tips

  • Non-necessary information, incorrect details, misspellings and inconsistencies are signs that can be a red flag that the correspondence about your domain name is a scam.
  • If you do not recognize the company or person who sent the correspondence, you should likely delete immediately and flag as spam in your inbox.
  • A helpful resource is – you can use it to check the URL details of the registrant (the part after the @) who contacted you on. The registry date will probably be listed as a couple days before. The scammer will use this URL and name for a short time before discarding for a new one to avoid getting caught or leaving a trail. You can also use to confirm the real expiration date of your domain – double check that this matches the number of years you paid for.
  •  Another helpful resource is the directory at the bottom of this European Domain Centre site. If you get a suspicious email, check it against their current list, and add the confirmed spammer’s email address into your email “block” list.
  • If you think a correspondence is suspicious, reach out to someone you trust who is experienced at building and hosting websites. It’s also important to know who your registrar is and what your login details are.
  • If you do fall victim to a domain scam, you should file a complaint with the Federal Trade Commission. It can be a struggle to get your money back, since elusive scammers, false names and domain registrars based overseas make it difficult to take legal action.

Check out the Payza blog for more tips on best ecommerce practices, how to keep your online business safe  and more.

  • Great article!

    Thanks for mentioning our scammer list. Do contact me if you receive such an email. We update the list daily.

    • You’re welcome, keep up the good work!