Identifying the Domain Renewal Scam

Don’t Pay this Bill!

Your accounting department has probably already received at least one false invoice to renew your domain. Scammers send these emails or physical invoices to get you to pay for services you do not need or want. Scamming organizations make their living through deception, inflicting fear or confusion, and causing panic-driven decisions intending to trigger mistakes that the calm and confident you would never make. You are not alone!

It is not unusual for our clients to reach out to us when they receive one of these fake “invoices”. (BTW – We love answering questions, so never hesitate!) “Do I have to pay this bill? I thought Sundog did this for me.” Glad you asked!

The scam:

You receive what looks like a normal invoice in the windowed envelope (or your inbox) and it goes in your ‘bill’ pile. But when you open it you see red-letter threats of expiration or BOLD statements saying this is your last chance to renew or receive a ‘special discount’. Some tricky ones send a friendly ‘Thanks for being our trusted client”. While there is a lot of legitimate information – your name, address, and domain names are all correct, you don’t remember contracting with this company.

Here is how to spot a fake invoice:

Domain copy
  • Read all the text. These folks know to cover themselves legally by stating somewhere in there “This is not a bill” or “This is a solicitation.”
  • If you don’t recognize the company, it probably isn’t legitimate.
  • The Company Name is intentionally generic or vaguely official – like USA Something Domain, or National Domain Management – possibly with a US emblem on the logo.
  • If it is an email DO NOT CLICK THE LINK – print it out if you are checking with another party. Phishing, fake sites, malware… I’m getting goosebumps just typing this.
  • Log in directly to your domain – or contact the company managing your domain registration – and confirm registration and expiration dates.

Oh, no! What if I paid it already?

  • Don’t panic. You’ve got this. Focus on damage control.
  • Log into your domain (or contact your domain manager) immediately and confirm it remains in your control.
  • Change the password.
  • Confirm the ownership and expiration date.
  • Lock the domain so it can’t be transferred without your permission
  • Stop payment – if you sent a check contact your bank, if a cc payment contact your card company and dispute the charge. It may be possible to get your money back.

It can feel embarrassing to fall for a scam, but nearly every person will fall victim to a scammer at some point. The important thing is what you do next. Calmly reach out for help from your trusted website and banking partners. And now you are ready for them next time..