When I build a new website for clients, a domain name is purchased for them. With this purchase, WHOIS rules require the domain name must contain the contact information of its owner in the registration. With this registration comes many unwanted annoyances.
Apart from SPAM emails sent to the owner by all kinds of opportunists who claim (mostly) SEO work for a fee, one of the unfortunate type of emails that arrive are fake invoices by fake domain registration or SEO companies.
There must be hundreds of these scammers that send fake invoices. They search the WHOIS database, obtain the registration information for a domain name (usually the newer ones) and send that owner a fake invoice to renew the domain and or request payment for SEO (fake) services.
These fake invoices come in various forms, sometimes as an invoice attachment, but usually as an email with links to click taking you to a website to pay for the domain registration. If you click the links it takes you to a website page that provides payment methods and yes, these payment methods work. They have to, if they want to scam you of money.
Just below is one fake SEO invoice that I received from one of my client websites. It contained the domain name and the name of the client, which was all in the WHOIS database. Since I was doing work on the client’s website, the owner forwarded the invoice to me because the owner did not understand what to do. I inspected the invoice to find that the company was a scam, not a legitimate service.
The invoice looks legitimate, but it isn’t.
Web designers will (should) catch this scam and delete it, but for those people who are not web developers and have little knowledge or experience with the Internet can easily become victims to these scams.
What can you do about these scam invoice emails? There are 2 things to notice if this is an invoice to renew a domain name,
- Name of the Domain registration Company is not the same as the one that you used to register your domain name.
- Expiry date is off, usually to get you to react, not think, and pay quickly.
If the invoice is for SEO services, do not respond and never click links in the email.
Be aware, it is not beyond these scammers to send you a fake invoice close to the real expiry date of the domain name or create a fake email with the real registrar’s company name, but the big difference are the links in the email. They will always lead to a different / fake website.
So in all cases, what can you do?
- Do not respond to the email.
- Never click any links in the email, whether it looks legit or not.
- If the invoice is for SEO services, compare the company name you hired originally, you will see it is not the same.
-Domain Name Registration–
- If the invoice is for domain name renewal, do NOT click links in the email, Open your browser and manually go to the domain name registrar who currently holds the registration control over your domain name (If you do not know, then contact the person who built your website and ask).
- Then login to the domain registrar that is registered with your domain name.
- Check in your account to see if the domain name is about to expire or has expired. If it is, pay for a renewal inside your account.
- Purchase a privacy package for your domain name, this will remove your name and contact information replacing it with the domain registrar’s information instead. This averts future attempts and also thwarts future SPAM emails.
- Delete the scam email – do not respond to it.
If you have no clue about any of this, contact a local web design company and ask them to help you out. They can answer questions about a these SEO invoices. If it is to do with a domain registration email, they can help with that also. For this, it will likely be for a fee, but should be a nominal fee, under $80, to get this help because it is not a lot of work to help out.
Follow any instructions to get access to your Registrar account, but do not allow the web designer to take ownership of the domain name, it must remain in your name with the registrar.
Make sure the web design company sends you all login information for your Domain Registrar account so you have record of it. Print out these record and keep in your files, along with storing the electronic copy.
The best defense is to learn about the basic things about owning a website,
- Keep record of all services you hire for your website, their company name, contact information, etc.
- Know who your real domain registrar is, their company name & contact information.
- Have all account login information for your real registrar.
- Keep hard copies that are current to the details of your domain name, such as expiry dates.
- If the domain was registered through the website hosting service, the same domain information is there in that account. If not, contact the hosting service and get access to that information, which means ask them where you can log in and get that information at anytime you want.
- Keep record of who your website host account, login information, expiry dates, etc.
- Keep an electronic record on a backup drive (not your main desktop/laptop computer) and keep hard copy records at are updated as needed.
Being informed is the best defense against these Scams and SPAMS. It is cheaper to learn about this stuff then unknowingly pay and become a victim.
If you have any questions, please contact me.