Website Domain Scams

Domain Slamming and Hosting Scams

Every year, countless sketchy companies try to pull a fast one on business owners with domain scam invoices. These are official-looking notices filled with important-sounding jargon. The alert is always the same – your domain is about to expire and requires immediate renewal. We receive the letters too, so we’re well acquainted with these tactics.

This is a practice known as Domain Slamming.

Primarily, these domain slamming notices come from Internet Domain Name Services (iDNS). Don’t worry, we’re not tarnishing their reputation. If you do a little digging, you’ll find they have an F-rating with the Better Business Bureau, are the subject of many buyer-beware videos, and use the address of a Popeyes Chicken in New Jersey.

So yeah, total domain scam. But it’s not that obvious to the untrained eye. They have a professional-looking website, send out official-looking notices, and even provide phone support Monday through Friday. And iDNS isn’t the only company sending out these invoices. Tech-savvy criminals from around the globe know that small business owners are easy prey. They take advantage of that fact that business owners are short on time and will often cut a check without question upon receiving a past-due invoice.

The thing is, this isn’t an invoice. Essentially, this is an advertisement. But you wouldn’t know that unless you read the entire notice from top to bottom, including the fine print.

Most of us get caught up in domain renewal scams because of the fear-mongering language like “Final Notice!” or “Past Due.” The wording is meant to stir up a sense of urgency and panic, just like legitimate late bills. They’re hoping to trick people into sending them cash or submitting credit card information.

What to do After Receiving a Domain Scam Letter

If you haven’t paid the domain slammers, you’re still safe. Unfortunately, if you have fallen victim to them, they have your credit card information along with personal details. Sorry, you just got your identity stolen.

On some occasions, these scammers are also ready to extort money by holding website domains hostage. This is known as Cybersquatting. By signing the paperwork and paying the invoice, you’re often relinquishing your rights to your domain. The sketchy domain registrar now has exclusive access to your domain and will try to sell it back to you for an inflated price.


Education is the only defense against domain slamming. Keep your business protected.

• Don’t reply to the email or call them back.
• Don’t click any links or open any attachments.
• Don’t give out any credit card information.
• Educate employees about scams and email protocol.
• Report the scam to the Federal Trade Commission.

“How did they get my information?”

 The answer is simple. You gave it to them.

Domain scammers use public information. When you registered the domain, your website information was published by the WHOIS Public Internet Directory per the Internet Corporation for Assigned Names and Numbers (ICANN). They’re a non-government, non-profit organization that handles the internet’s logistics—IP addresses, domain systems, and other protocol numbers. ICANN is sort of like the internet’s phone book, except you can’t opt out without paying a fee.

“How do I protect my information?”

You can prevent domain slamming by privately registering your domain. This is a paid service that hides your personal contact information and displays proxy information instead. This is the only way to prevent unwanted solicitation. Unfortunately, private registration isn’t available for every domain and protocols are heavily dependent on your country’s legislation.

In 2018, the General Data Protection Regulation (GDPR) required a significant change to WHOIS to protect identity theft and domain scams. Domain contact information in the European Economic Area (EEA) will only return technical details. The rest of the contact information has been removed from the results.

This means domains registered in the European Union (EU) do not require paid private domain registration to be safe from domain scams. That being said, the rest of the world isn’t protected by such domain privacy laws. Business owners outside of the EU have to pay for this service. And if you don’t pay, there’s always a risk of solicitation.

“How do I know if this invoice is legitimate?”

Unless the call, email, or letter is from your actual provider, ignore it. It’s a domain scam. It’s that easy. If you’re unsure whether your renewal email is legitimate or a scam, call your hosting provider or domain registrar. If you’re due to renew, they’ll let you know. Remember, only renew your registration with the company it was originally purchased from.

You have a few options if you don’t know who your web providers are.

  1. Use the Whois Public Internet Directory to find your domain registrar.
  2. Use the WHOIS database to find where your website is hosted.
  3. PMG clients can call us for domain information.