A graphic of privacy and security icons: a profile, shield, padlock, password, and credit cards, connected by lines on a green background.
Privacy & Security July 13, 2023

5 Things to Know About the Domain Renewal Scam

Domain-related scams aren’t new—but that doesn’t mean you should let down your guard. Protect yourself and your domain with these 5 essential facts.

You registered your domain name about a year ago, and it’s been smooth sailing. Your website is coming along. Then you get an official-looking letter in the mail, reminding you to renew your domain name before it expires—or risk losing it to someone else.

Yikes! It looks like an official bill and you should pay it right?

Nope. The IRS won’t ask you to buy gift cards—and legitimate domain registrars won’t send you a paper renewal invoice (unless requested). If you receive a domain renewal reminder via snail mail, it’s a scam. Here are 5 things to know about the domain renewal scam so you won’t be caught off guard.

1. Genuine renewal notices are sent via email.

Legitimate registrars send renewal notices electronically. With millions of domain names coming up for renewal each year, mailing paper invoices to domain owners would be impractical and cost-prohibitive. When the time comes to renew your domain, you’ll receive a renewal notice via email.

That said, phishing and fraud can occur through email as well—so be cautious. To verify the legitimacy of a renewal notification email, check the sender’s email address and compare it to the one typically used by your registrar. Click on any links provided in the email to ensure they direct you to the expected website. And when in doubt, reach out directly to your registrar.

2. Scammers target WHOIS data.

Public WHOIS records, which contain registrant information, make it easy for scammers to target individuals who haven’t enabled privacy settings. By scraping this data, they can find your contact details and send deceptive renewal notices.

To protect yourself from such scams (and avoid spam), it’s crucial to shield your privacy by enabling your domain’s WHOIS privacy settings.

3. It’s not a renewal invoice—it’s a transfer authorization.

Take a closer look at the fine print—you’ll notice that the “renewal notice” you’ve just received is actually a transfer authorization form. By paying, you are authorizing the transfer of your domain to their registrar—at inflated costs. You’ll also notice that the renewal term is 5 years, maximizing their financial gain even if you reclaim your domain later.

4. Falling victim can disrupt your website.

If you pay the fraudulent invoice, your domain will be transferred to the scammer’s registrar, severing any DNS hosting services provided by your legitimate registrar. This disruption can cause sudden website downtime, loss of email services, and overall damage to your online presence. In some cases, the scammer may redirect your domain to their own landing page, further compounding the damage.

5. There are simple ways to protect yourself.

Beware of fraudulent domain renewal notices like this one. 

Domain-related scams aren’t new, and they probably aren’t going away anytime soon. Luckily, there are a few simple
things you can do to make sure you maintain control of your domain.

  • Enable WHOIS Privacy: Safeguard your personal information by activating the WHOIS privacy settings offered by
    your registrar (this feature should be free and not an upsell).
  • Verify Sender Authenticity: Scrutinize renewal notices, checking for clear identification and official names and
    addresses. Be cautious of generic emails, poor grammar, and unusual payment requests.
  • Cross-Check Invoices: Compare received invoices with your registrar’s official communication. Look for
    discrepancies in formatting, payment or contact details. And reach out to your registrar if anything looks off.
  • Stay Informed: Educate yourself about domain scams and phishing techniques prevalent in the industry.

Domain renewal scams are a persistent threat, targeting unsuspecting individuals who mistake them for genuine invoices. Understanding how these scams work—and staying alert—can go a long way towards keeping your domain safe. At DomainRegistry, we prioritize your security and provide free WHOIS privacy for every domain, keeping your personal data safe.