our blog

Beware! Domain Hijacks and Phishing Scams

In the digital world we live in, most people are aware of phishing scams and other unscrupulous online activity.  You may have been asked for your bank account number from someone posing as or your bank or asked to send money to Nigeria so that the prince can reward you in millions.  Some phishing scams are easier to see through than others.

Lately we have seen phishing scams sent out to our own clients in terms of their domain registrations.  And while some of these companies are legit, they gain your information and trick you into buying into their services under some pretty sketchy terms, charging you a lot of money you didn’t need to spend.

If you have your domain registration with Terrostar, then you should never have to worry about renewing your domains or urgent notices to pay up now.  We take care of all of that for many of our clients.  So if you receive a suspicious letter about renewing your domain, forward it on to us where we can double check the validity.  Most often, it will be a scam or phishing scheme and no action is needed on your part as we already track and maintain any domain renewals.  Any questions regarding your account information would then come from our staff.

Some clients, handle their own domain registrations though and can easily fall victim to these scams.  It’s important to understand if you are managing your own domain registrations or not. 

If the buzz words all make your head spin,  here is a brief intro to the vocabulary.

Domain Name:  This is the name given to your website.  Think of it as the street address of your business.  If you want someone to get to your business, you give them your street address so they can find you!  You can’t get to your website without having a domain (address) for people to access it. In order to get a domain, you have to use a domain registrar to register/purchase your domain name.

Domain Registration: You technically do not fully own your domain name, you simply own the rights to it. Your purchase for a domain is an annual cost that can be paid annually or in multi-year amounts. This renewal is paid to a Registrar, which is a company authorized to manage the registration of domains. Then after that time, you would be asked if you want to renew your domain, often times you might set up an automatic renewal so that your domain registrar keeps renewing your domain for another block of time.  You can choose to renew your domain with that same registrar but domain names can also be transferred to another registrar company.  This is where many of those phishing scams come in. 

Domain Hosting:  This can be where things get confusing for some.  Just because you have your domain hosted somewhere, doesn’t mean that the domain name is registered with the same company.  Site hosting is where your actual website files and data reside, whereas email hosting is the service that provides your email accounts.  If your domain name is your address, hosting is your office place; the structure that holds all of your stuff. And in this case, your stuff is your web pages, web images, web files, emails, etc.  While Terrostar can take care of both your domain registration as well as your hosting; depending on what you opted to do, we may only be taking care of your site hosting.  It is up to you know! 

Domain Hijack:  Knowing who your domain registrar is important, for if you were to lose access to the rights to your domain, your website, email or many other services may be at risk. In some worst case scenarios, a nefarious individual or group may hijack your domain and pose as your company to extort your clients or harm your company name.

Companies can gain access to domains set to expire or up for renewal and will send a very official looking letter or email to someone in your company stating that in order to keep from losing your domain, you need to pay now!  You may click on a link that allows you to pay online and in the fine print, now transfers your domain name to this new company.  Depending on who takes it over, it can be incredibly difficult to transfer your domain back and it can be incredibly costly.

I’ve attached a sample phishing scam sent to one of our clients.  In this case, they were just looking to get paid for (optional) Search Engine Optimization (SEO) services, but if you read the letter, the wording is used to confuse you into thinking you are going to lose your domain registration if you don’t click on their link and ‘renew’.

Bottom line is always read the fine print, and make sure that you know where your domain is hosted and if you or another company needs to take care of any renewals.  The key word here is PREVENTION, contact Terrostar today and we will help you determine your risk and provide you pointers on how to mitigate any future risk.