If you receive a confusing message that appears to be from your domain registrar, check it very carefully. We have seen many phishing attempts, hidden in messages pretending to be from well-known registrars such as Network Solutions and Enom.

Watch out for messages designed to cause you anxiety, with subjects like these:

  • Your domains will be expired tomorrow!
  • Your domain will be deleted soon
  • Attention: Inaccurate whois information.

The intention of these messages is to get you to drop your guard. In a mild panic, you click on the link, log in, update your billing information, and watch thieves run away with your credit.

Here are things to look out for whenever you get a message from your registrar:

  • Do you actually do business with the registrar in question?*
  • Does the message mention your domain by name? Every legitimate message we've ever seen does, but fraudsters don't know what your domain is, so they can't quote it.
  • Does the message make any sense at all? If you renewed your domain four months ago, then messages like these simply shouldn't be sent, legitimate or not. If the message makes no sense to you, or refers to another message you don't remember, this is a warning to be very careful.
  • Does your mail client have scam detection? In Thunderbird, the free mail client from Mozilla, each of these messages carries a warning message of a potential scam. Scam detection is easy. If the link text is "www.realsite.com" but the link references http://www.realsite.com.site568.biz, then there is probably a problem.
  • Does your browser have scam detection? Firefox and Google have a partnership that provides near real-time detection of fraud attempts. People who recognize a fraud attempt can report the site (Under Help / Report Web Forgery). Google uses these reports and other information to validate the report. Every time Firefox accesses a new site, it checks with Google's forgery list. If the site is on the list, you get a big obvious warning message.

If you've been victimized by one of these messages, your domain is probably safe, but call your credit card issuer ASAP.

* If your answer is yes and the registrar is Network Solutions, you should check out our domain and hosting prices. You may also find our article on domain front-running interesting.