The 7 most common domain name scams to look out for

A domain name scam is a form of cybercrime designed to deceive domain owners into paying for fake services, revealing sensitive information, or unknowingly handing over control of their domain. Criminals use these scams to impersonate reputable companies, set up fake domain services, or create convincing copycat websites to steal customer data.

Any business can fall victim, which is why understanding these scams and knowing how to protect your business against them is essential.

Take note of the following types of attacks:

1. Lookalike domains (domain spoofing)

This is when criminals register domain names that closely resemble well-known brands to mislead customers into visiting fake sites or sharing personal information. For example, someone might register NikeSA.co.za and send promotional emails directing people to a counterfeit store. Even tiny spelling changes can make these sites appear real. Stay alert.

2. Fake domain renewal notices

Bad actors can access publicly available WHOIS data to collect domain owner details. This is known as domain scraping. Using this information, they send emails claiming your domain is expiring, a payment has failed, or your domain will be suspended unless you act immediately. Their goal is simple: steal login details, grab credit card information, or receive payment for a renewal that doesn’t exist.

3. Unauthorised domain transfers (domain slamming)

Without the right security protections in place, a criminal can transfer your domain to another provider with surprising ease. It typically starts with an email disguised as a renewal notice from your registrar or hosting provider. The message urges you to click a link, but the small print reveals that doing so approves a transfer away from your current provider.
The consequences can be severe: financial loss, website downtime, and damaged credibility with customers.

4. Domain hijacking

Domain hijacking happens when a criminal gains access to your domain account, usually through a phishing attack or weak passwords. Once inside, they can transfer ownership, modify DNS settings, redirect your website, lock you out of your emails, display malicious content, or even sell your domain to someone else.

5. Search engine or directory listing scams

Some scammers claim they will submit your domain to search engines and directories to improve rankings. They charge high fees for a service that delivers no value. Search engines automatically index new websites, so paying for this is unnecessary and wasteful.

6. Alternative domain scams

Imagine receiving an email that warns you that someone else is about to register a domain name similar to yours... You'd be worried right? That's what cybercriminals play on when they create fake mails like these and offer to “secure” the domain for an inflated price.

7. Domain purchase and appraisal scams

This scam targets owners of domain names that seem valuable or “brandable.” You’ll receive a message claiming that an interested buyer wants to make a generous offer on condition that you purchase an appraisal from a specific service provider. Once you pay for the appraisal, the supposed buyer then disappears.

There is no buyer, no real valuation, and no legitimate transaction.

How to protect your domain:

• Register your domain with a reputable provider like Domains.co.za, which offers secure systems and reliable support.
  
• Enable Domain Transfer Lock to stop unauthorised transfers.
  
• Use Two-Factor Authentication for added account protection.
  
• Set up Auto Renewal so you don’t fall for fake renewal emails.
  
• Verify links and email senders before acting. Look out for misspellings, swapped characters, or unusual URLs.
  
• Sign up for WHOIS Privacy to keep your personal information hidden from public databases.
  
• Educate yourself and your team on how to recognise common scams.

At Domains.co.za, keeping your domain safe is a priority. We therefore offer added security measures such as Domain Transfer Lock, WHOIS Privacy, Two-Factor Authentication, automatic renewals, and multi-year registration options to help you keep your domain safe.