We recently helped a client by moving her domain name registration and DNS onto Barred Owl Web infrastructure. Over the course of one of our phone conversations, she mentioned that she had paid a company – for two years in a row – that had sent her letters in the mail offering to keep her domain name registered if she sent them a payment.
I had to tell her that this was a scam.
In previous blog posts, I’ve written about the costs to building a website, different types of web hosting, and security considerations for your website. In this post, I’m going to cover how this common scam works, how these scammers find a domain name owner’s mailing address, and how a domain name is actually managed.
A domain name is one of the three costs to building a website. You can buy one online from a domain registrar (such as NameCheap, eNom, Network Solutions, and others). Here at Barred Owl Web, we offer to buy a domain name and manage it on behalf of our clients. These types of transactions never happen off-line (through “snail mail”).
Domain Name scammers will use publicly available information associated with your domain name that is required information when you register the domain (domain name “WHOIS” information). Various websites will look up this information (such as https://whois.icann.org/en). Other tools exist that lookup this information directly from a computer.
Common “scammers” include Domain Registry of America, Domain Renewal Group, iDNS, and others. These scammers love to use the mail, but sometimes, they will send an email too.
Sometimes, when someone registers a domain name, they opt to pay for an additional “WHOIS Privacy Guard” that makes that information private. Instead of listing the person’s or organization’s public contact information a WHOIS Privacy Guard subscription will anonymize your own WHOIS information and use that 3rd party Privacy Guard’s company information instead. Domain name owners who pay this additional cost for a WHOIS Privacy Guard will not typically receive these types of scams in the mail.
In summary, if you own a domain name and get an email or a letter in the mail from a company offering to renew, activate, or register your domain name, tear that letter up and throw it away – unless it came from your current Domain Name Registrar.