Beware of Domain Slamming

Scam Email

Recently, I've become aware of more instances of scammers using a tactic against our clients called "domain slamming". There are countless articles on the subject.

The scam usually works something along the lines of the following. Obviously there are different scenarios but this is the one I have seen recently:

  • Scammer gets an organization's contact information, either by scraping the website or by viewing WHOIS database information. Most domain providers offer a privacy service that acts as a middleman to conceal the personal information of the domain holder. But in some cases, the full name, contact details and addresses of an organization's contact are freely displayed.
  • Scammer sends either a snail-mail letter/invoice (or sometimes an email) from a fictitious company demanding payment for "services rendered" (the domain). They hope the organization / accounting department is unaware of who the domain registrar actually is and will follow the instructions in the letter. They will play on the user's fear that the action is time sensitive (e.g. the domain will expire).
  • The instructions will usually lead to a fake payment portal, where they will log your credit card details and any other information you provide.
  • Sometimes in addition to attempting to steal money, they will try to convince the domain owner to transfer their domain to another registrar so the organization will lose the domain completely.

Scam Letter

Preventative Care

So if you are responsible for your organization's domains, please make sure you do the following to help mitigate situations like these.

  • Keep records of who the registrar(s) are along with the admin/tech contact details provided, and expiry/renewal dates
  • Read and understand the policies, guidelines and contract between you and your domain provider
  • Educate your staff about your domains and who to contact in relation to them
  • Ensure credit card details are up to date and auto-renew is enabled
  • Ensure domain locking is enabled
  • Enable DNSSEC
  • Enable domain WHOIS privacy when registering domains
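
As an added example (not part of the original post), the record-keeping and lock/DNSSEC checks from this list can be run against a domain's RDAP record, the structured JSON successor to WHOIS. The function names and the sample response are constructed for illustration, and the use of RDAP rather than raw WHOIS text is an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP response for a placeholder domain (not real registry data).
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example.org",
  "status": ["active"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-06-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-06-01T00:00:00Z"}
  ],
  "secureDNS": {"delegationSigned": false},
  "entities": [
    {"roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar LLC"]]]}
  ]
}
""")

def registrar_name(rdap):
    """Return the 'fn' (full name) of the entity holding the registrar role."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def audit_domain(rdap, today, warn_days=60):
    """Build the record the checklist asks for, plus a list of findings."""
    expiry = next((datetime.fromisoformat(e["eventDate"].replace("Z", "+00:00"))
                   for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    findings = []
    if "client transfer prohibited" not in rdap.get("status", []):
        findings.append("transfer lock not set")
    if not rdap.get("secureDNS", {}).get("delegationSigned", False):
        findings.append("DNSSEC not enabled")
    if expiry is None:
        findings.append("no expiration date published")
    elif (expiry - today).days <= warn_days:
        findings.append("expires within %d days" % warn_days)
    return {"domain": rdap.get("ldhName"), "registrar": registrar_name(rdap),
            "expires": expiry.date().isoformat() if expiry else None,
            "findings": findings}

if __name__ == "__main__":
    now = datetime(2025, 5, 1, tzinfo=timezone.utc)
    print(json.dumps(audit_domain(SAMPLE_RDAP, now), indent=2))
```

The registrar name in this record is what an incoming "renewal invoice" should be compared against. Auto-renew and payment details are not visible in RDAP and still need to be checked in the registrar account itself.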

What to do after the fact?

If you ended up paying these scammers, I recommend taking the following steps to see if they can help your situation. Hopefully they can stop the transfer if caught early enough.

  • Contact the people in your organization responsible for domains/IT and let them know the situation
  • Contact your credit card provider to cancel the transaction (if possible), and cancel the card
  • Contact your domain provider ASAP and explain what happened
  • Verify the contact details on your domain(s) are accurate and up to date
  • Verify the credit card details and update them when you receive a new card
  • Inspect your DNS records for anything out of the ordinary
  • Ensure auto-renew and domain locking are enabled
  • Change passwords on your account for the domain provider

If you receive any scam letters similar to this, please reach out to your IT department or the people responsible for your website to double check before making any decisions when it comes to your organization's property.
