Domain name scams are very common, largely because most of the details for the registrants of domain names are publicly available on the internet (i.e. company name, contact name, email address and phone number) through websites such as “Whois” (www.whois.com.au).
If you have a domain name registered, there are three common domain name scams which you may be subjected to:
- You may be sent a “renewal” notification for a domain name which you do not actually have registered but which is very similar to your actual domain name, with perhaps just a different extension (for example, .net.au instead of .com.au).
- You may be sent a notification from a domain name company advising you that it has received an application from a third party to register a domain name which contains your trade mark. The company says it is alerting you to this fact to provide you with the opportunity to register the domain name first. You are invited to register that domain name with the company as a means of preventing the third party from doing so.
- You may be sent a domain name renewal notice by mail or email for your exact domain name, but it has been sent from a different company to the one you registered your domain name with. Paying for and providing your account information to the new company will generally result in a transfer of the domain name to that company.
Things you need to be aware of:
- Pay particular attention to any correspondence you receive about your domain name, especially with respect to the domain name referred to in the correspondence.
- Know who your domain name Registrar is (this is the company you registered your domain name with originally). Only that company will send you legitimate correspondence about your domain name.
- Know when your domain name expires. Generally your domain name Registrar will send you a renewal notification about a month before expiry. A scam entity might send you a renewal notification many months before expiry hoping to get to you first.
- Legitimate correspondence will not ask you to provide your password for renewal of a domain name. If you are asked for your password, this is usually an indication that the sender is not legitimate.
- Try to limit the amount of people in your organisation who are authorised to approve and pay invoices so as to minimise the chance of inadvertent payment of a scam invoice.
You should be wary of a notification from a domain name company advising you that it has received an application from a third party to register a domain name which contains your trade mark. It is not uncommon for people who have no connection with a trade mark to register a domain name containing that trade mark. This is impossible to prevent because there are so many available domain names in every country. It is also impossible (and generally cost prohibitive) to reserve every possible domain name related to your business. We recommend registering domain names for your primary and secondary brands in the countries of interest to your business. You should choose your own domain name Registrar, and not use a company which sends these types of notifications.
Given the high prevalence of domain name hijacking and squatting emanating from Asian countries, if you are currently doing business in Asia (or planning to), then we recommend that you register domain names in the various Asian countries which you are interested in – these are relatively cheap and easy to obtain.