Thursday, April 22, 2021

Avoiding the Domain Scam

As reported by Lori Wiese-Parks only a few months ago on this blog, the number of misleading solicitations and notices relating to trademark applications appears to be on the rise. Unfortunately, these scams connected to the trademark registration process are not the only brand-related schemes targeting entrepreneurs: scammers also like to send misleading messages regarding domains. 

The selection and purchase of a domain name is a vital step in getting a business off the ground and often one of the first steps in the branding process. Entrepreneurs generally seek out short, easy-to-remember domain names that incorporate their brand in combination with a standard top level domain (TLD), such as “.com,” or a TLD common in the industry, such as “.io” for technology companies. Domains can even become a shorthand for a business and its products — as discussed in an earlier post regarding BOOKING.COM; sometimes a domain can become so distinctive that the domain itself is recognized as a trademark.

Domains allow businesses to advertise to their customers, sell goods and services, and communicate. As such, a business’s domain and the website at that domain is one of its most vital links to the public. However, just registering a domain is not enough — domains must be connected to services such as web hosting and periodically renewed. Even short-term disruptions to the website or domain of a business can have a significant impact. Particularly disastrous is if a business fails to renew its domain and is forced to move its online presence to a different domain. (This specific issue is best avoided by making sure that the domain is set to auto-renew with the domain registrar or by registering the domain for a period longer than one year.) 

The extreme importance of registering and maintaining a domain opens the door for scammers to take advantage of entrepreneurs. Scammers often send misleading messages regarding a domain in the knowledge that the business owner might not be intimately familiar with the domain registration process and might act without thinking if they receive a notice implying that their domain is at risk. Fortunately, these scams are often easy to detect and dismiss. 

Some misleading messages state that the domain name of a business is going to expire unless the business pays a fee. Often there will be some language suggesting that the message is a solicitation or offer, but the overall impression is that the recipient urgently needs to take action in order to maintain their domain renewal. In particularly deceptive cases, the sender impersonates the registrar for the domain. The registrar is the business that handles the reservation of the domain name — each active domain name is registered with a registrar (common examples are Namecheap, GoDaddy,, and Bluehost). The registrar for a domain is public knowledge and can be looked up in that domain’s WHOIS record, meaning that a scammer will be able to access this information along with details such as when the domain was created and when it is due to expire. The scammer can then leverage this information to create the impression that the communication is “official.”

The best way to combat these scams is through caution and knowledge. Entrepreneurs should know the registrar for their domain, the date that their domain is due to expire, and the official process for renewing. For example, most registrars will provide domain owners with an online account that allows for direct payment of renewal fees through that registrar’s website. If the domain email doesn’t come from the official domain registrar, it is likely a misleading solicitation and can be ignored. Even if an email appears to originate with the registrar, many of the same principles that apply to other phishing emails apply here: carefully check the sender, look for typos and strange wording, do not respond to emails requesting financial information, and do not click links. 

Other misleading messages claim to have received an application to register a domain containing the business’s brand and ask whether the business authorized this application. For example, the owner of <> may receive an email saying that a third party applied to register “lathropgpm” domains. Or a business may receive a message offering to sell a specific domain related to the domain, such as <>. In these cases, it is important to understand the structure of domains. Each domain contains a top level domain (in our example, .com) combined with a second level domain (SLD) (in our example, lathropgpm). Each domain registration is for a specific SLD-TLD combination, so if I register this will not give me rights to domains with other TLDs, such as, or domains with other SLDs, such as or Virtually infinite SLD-TLD combination domains can be created for any given brand — as of this writing, there are about 1500 TLDs alone

The ultimate goal of misleading solicitations of this type is to cause the recipient to worry that some third party might register a domain containing its brand and to therefore engage with the scammer. Some of these solicitations may even imply that a third party is trying to buy the domain used by the recipient. Again, knowledge of what domain names the business has registered, who they’re registered with, and when they’re due for renewal can alleviate most of these concerns. As to solicitations involving domain names that are similar but not identical to the established domain of a business, these messages should be ignored as well. Domain squatting and re-selling is a very lucrative business, and some bad actors operate by registering a large number of domains and then approaching businesses with the goal of reselling the domain at a significant markup. Entrepreneurs should bear in mind that, due to the sheer number of domain variations, registering every domain containing their brand is not a realistic goal. It can make sense to register a few variations on your brand or even a few common misspellings — and larger businesses often have portfolios of hundreds of domains — but this should be done as part of a broader business plan rather than the result of a solicitation. 

By keeping yourself informed of the status of your domain name registrations, including the time and method for renewing, and maintaining healthy skepticism regarding unsolicited messages, you can avoid falling prey to these misleading messages. 

No comments :

Post a Comment