A target for fraud
Owning your own domain and website is a fantastic way to reach new clients but it also makes you a target for scams and fraud. Occasionally you may get email notifications from your domain registrar or web hosting provider, but how can you tell a legitimate email from a fake? Here are some tips to help you avoid fraud online.
How they find you
Fraud is a huge industry across the world and much of the work is done by banks of computers. Server addresses and domain names containing common words are checked for ownership. When an owned server or domain is found, automatic attacks are undertaken and the domain/server is added to a list for further manual attacks.
The whois database
The whois database is a public record of each domain registered along with information about the owner. Each registrar (a company authorized to sell and register domain names) maintains its own whois database, but each is publicly accessible. You need to keep your whois information up to date in order to keep your domain registered. Scammers can use the information on your whois entry to make their fraudulent emails more believable.
Protect Your Business
There are only 2 legitimate emails you should expect from your registrar:
- A yearly reminder to ensure your whois information is accurate
- A reminder to re-register your domain when it is near expiry
However, you still need to ensure the email is actually from your registrar.
A common claim made by scammers is that they are a search engine collecting payment for indexing your site. A search engine will never contact you to collect payment for indexing your site, and there is no quick fix you can pay for to increase your traffic. The scammers are often just looking to steal your money, but they may also try to steal your domain and sell it back to you at a greatly increased cost.
A less common tactic is to claim that they are registering, or have registered, your domain under different Top Level Domains (.com, .org and .gov are Top Level Domains). They will request payment to either transfer or register the domain for you in the interest of protecting your trademark. They will either outright steal your money or sell you greatly marked up domains. Always deal with a registrar you trust.
Email phishing is when an attacker copies a legitimate email in most ways but inserts a malicious message. This is by far the most dangerous attack and the hardest to detect. It may take the form of the yearly request to update your whois information. Everything in the email will appear valid, but they will often change the link to send you to their site instead of your registrar's. It doesn't stop there: the site they send you to may even look exactly like your registrar's!
The best way to avoid this is to always go to the URL of your registrar yourself instead of clicking the link. For example, if you get an email to update your whois information, type the URL of your registrar into your browser and navigate manually to the whois section. This may take slightly longer than clicking the prepared link, but it can save you far more than being scammed would cost. If you have any questions, don't hesitate to talk to your registrar.
I hope this will help you keep your business safe!
When you have your website designed by Beacon Studios, we're always there to answer any security-related question. We can ensure your business presence on the web remains secure.