PSA: Beware The Domain Name Renewal Scam

It happens often enough that I’ve decided I need to write about it. A client calls or emails and asks about an email or letter they have received saying it’s time to renew their domain name, and gives them an address and bill, usually for an exorbitant amount. This is how bad actors get you to change domain name hosts, then they can charge whatever they want to renew or worst case, hold your domain name hostage.

Points to keep in mind:

1. Know the host or hosts of your domain name and web hosting (they may or may not be the same). Keep this information where you can refer to it in future.
2. Know how your domain holder and web host communicate with you. All the hosts I know of will contact you by email, at least several times first.
3. In case you are not sure who your hosts are, ask your web developer.
4. If they don’t know or you can’t reach them:
   1. go to https://mxtoolbox.com/SuperTool.aspx,
   2. enter your domain name in the box and click Whois Lookup
   3. The registrar is who holds your domain name.
      1. Note: you may not recognize the name because most companies have several names or divisions. You can go down farther in the record and Tech name or tech email might be the name you would recognize
   4. The dns lookup is your web host.
   5. I recommend printing the lookup (the first page is all you need: right click the page>choose Print and Save As or destination can be Save As PDF or your printer. Under Pages choose Custom>1).

Keep Good records and Keep them Safe

While I’m on the topic of keeping these records, I suggest creating a folder (in paper or digital) that also includes the web address (URL), username, password and any security credentials to:

1. Your domain name host
2. Your web host (may or may not be the same as domain host)
3. Your website (this might be a WordPress username and password)

It’s also a good idea to note when each of these renew. Pay attention to any emails that really are from your hosts.

Keep these records in a safe place that you will remember when you need them. If you don’t know these details, get them from your web developer. Remember, it’s your website and you should be able to have access to it.

If they ask, just say you want the information to err on the side of caution in case anything should happen to the developer or the firm. Then will have the information if you decide to change providers later. This will save you, and them, the discomfort of asking for it when you both know you are leaving their service. And yes, I once had a developer refuse to give the credentials to a client and the host and domain name were in the developer’s name. The client had to have the website rebuilt and change the domain name. So it really is erring on the side of caution.

An important addendum:

Most domain hosts offer the option of domain privacy (for an additional price). This service will hide your contact information from the public ICANN record so bad actors cannot easily get it – they would have to go through your domain host. If you don’t want to be bothered with scammers or are concerned that you might forget to check, it would be worth your while to purchase domain privacy.