Domain name scam - is Cisco involved?

I received a domain name renewal notice today from a company supposedly based in Brussels, Belgium. I did not spot it right away as a vicious phishing scam because I own many domains at many different registrars, and I don’t always remember where each particular domain is hosted. So I clicked on the link to renew my domain name (I won’t make that mistake again). I found myself at a renewal page of a company called Domain Renewal that was charging $79.95 for a one year renewal. I was stunned. Almost $80 for a one year renewal? That’s 10 times what I pay at top registrars like Moniker.com and GoDaddy.com!

But there’s more to it than just a costly transfer scam.

This is how the email that I received began: (I removed the actual domain name):

domain renewal

It is time to renew your domain name www.@@@.com
----------------------------------------------------------------------------
---------------------------------------------------------
Your domain name www.@@@.com will expire within 90 days.
You may renew your domain automatically with Domain Renewal. Click on the
link in this -mail to renew the domain for another year.

Domain Renewal had a slick looking website displaying the logos of several major companies, including Cisco, Oracle, IBM and Microsoft, implying that these companies are partners. Their (unsecure!) payment page offers a wide array of credit card payment options.

I immediately checked my records, and discovered that the domain in question is not hosted by this registrar at all! It’s in my account at Answerable.com, which charges only $6.99 per year for renewals. This Domain Renewal company was trying to scam me.

I looked around at Domain Renewal’s website and noticed that they claim to be based in Brussels, Belgium. On their About Us page, they explain:

Domain Renewal has developed a system which constantly monitors and reminds companies about their domains. It is not uncommon for companies to have purchased their domains with different suppliers which make it even harder to keep track of their domain portfolio. We at Domain Renewal will find and renew your domains for you.

So they monitor WHOIS records, and when a domain is close to expiring they contact the owner with a renewal message. Other registrars do this as well, trying to get you to switch registrars without realizing it.

But here’s the real insanity: Domain Renewal is not a registrar at all. On their website, they explain:

How does it work?

  • Step 1. We receive your order to renew your domain.
  • Step 2. We interact with your Internet Service Provider/ ISP to renew your domain name. In cases your ISP requires your login information we will contact you by mail and you will have to provide us with login information so we can preform a renewal. Note! No other changes on your account will be made.
  • Step 3. You receive a confirmation that your domain has successfully been renewed and you can see your new expire date on whois.com

So they claim that they act as your agent, contacting your registrar or ISP and asking them to renew your domain. And you are expected to hand over your login information to them, to facilitate this process.

So what’s to prevent them from stealing your domain name at this point? Nothing. Worse, if you have your credit card information stored in your account page at your registrar, they can steal that as well, as well as whatever identity and contact information you have in your account.

A very clever and ruthless phishing scam.

Some steps to take to protect yourself:

  • Be wary of emails asking you to renew your domain name. Even if you think the email is genuine, it’s best to navigate manually to your own registrar’s website (by typing the URL into your browser bar) and renew the domain name there.
  • Also be careful of snail-mail letters advising you to renew your domain, even if they look very official. Most registrars don’t send paper mail, though a few do. Again, go to your registrar’s website to renew.
  • If you’re not sure who your domain is registered with, check the WHOIS, the public database of domain name ownership. You can do this at most registrars’ websites. One good WHOIS lookup tool is DomainTools.com.


One Comment to “Beware This Domain Name Renewal Phishing Scam”

  1. domainerscity | September 1st, 2007 at 6:08 pm

    Great article. I find it very helpful. Oh, just in case you want to give your site more coverage and exposure, I will suggest you give DomainersCity.com a try. It is the first social networking site for domainers and website owners.

Leave a Comment


Subscribe without commenting

%d bloggers like this: