Home / Blogs

Don’t Fall for This Domain Name ‘Expiration’ Scam

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

If, like me and my clients, you ever receive an email about a domain name expiration, proceed with great suspicion—because many of these “notices” are a sham. They’re designed to sell you services you don’t need or to trick you into transferring your domain name to another registrar.

Usually, the emails can safely be ignored.



Here’s an example:

As shown in the image above, an important-looking email from “Domain Service” refers to a specific domain name in the subject line. The body of the email states that it is an “EXPIRATION NOTICE.” However, the finer print states that the expiration is not for the domain name registration itself but instead for “search engine optimization submission”—services that the recipient of the email has never purchased (and probably doesn’t want).

Many recipients of these emails likely click the payment link thinking they should do so to ensure that their domain names don’t expire.

While this is obviously misleading, it isn’t new.

In 2010, the U.S. Federal Trade Commission warned about these frauds in a press release titled “FTC Halts Cross Border Domain Name Registration Scam.” The FTC said:

The Federal Trade Commission has permanently halted the operations of Canadian con artists who allegedly posed as domain name registrars and convinced thousands of U.S. consumers, small businesses and non-profit organizations to pay bogus bills by leading them to believe they would lose their Web site addresses unless they paid. Settlement and default judgment orders signed by the court will bar the deceptive practices in the future.

In June 2008, the FTC charged Toronto-based Internet Listing Service with sending fake invoices to small businesses and others, listing the existing domain name of the consumer’s Web site or a slight variation on the domain name, such as substituting “.org” for “.com.” The invoices appeared to come from the businesses’ existing domain name registrar and instructed them to pay for an annual “WEBSITE ADDRESS LISTING.” The invoices also claimed to include a search engine optimization service. Most consumers who received the “invoices” were led to believe that they had to pay them to maintain their registrations of domain names. Other consumers were induced to pay based on Internet Listing Service’s claims that its “Search Optimization” service would “direct mass traffic” to their sites and that their “proven search engine listing service” would result in “a substantial increase in traffic.”

The FTC’s complaint charged that most consumers who paid the defendants’ invoices did not receive any domain name registration services and that the “search optimization” service did not result in increased traffic to the consumers’ Web sites.

And, in 2014, ICANN issued a similar warning, “Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails.” In its alert, ICANN said:

Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to “click here” to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN’s branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.

Here are some simple steps to avoid falling for these types of scams:

  • Check your domain name registrations to ensure that the email contacts in the “whois” records are accurate and that, in the case of domain names owned and used by companies, only current personnel educated about the domain name system are listed as contacts (because the fraudsters send their notices to contacts in the whois records).
  • Don’t click on any links in a suspicious email about a domain name “expiration.” These links typically contain tracking technology that enable the sender to identify the simple fact that you have clicked—which could increase the likelihood you will receive further notices or spam.
  • If you are truly concerned that a notice may be legitimate or that your domain name may be at risk of expiring, simply check its expiration date in the whois record. Then, confirm with your current registrar that the domain name is set to auto-renew (if desired) and that your payment information is accurate. If you plan to keep the domain name for a long time, consider renewing it for the longest possible term (often 10 years).
  • Set your domain names’s lock status (at your registrar) to help prevent unauthorized transfers. To see whether your domain name is locked, look for a status such as “clientTransferProhibited” in the whois record.
  • And, of course, simply delete any suspicious “expiration” emails.


By Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Learn more by visiting The GigaLaw Firm website. Doug Isenberg also maintains a blog here.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com