The story you are about to read is true, not even the names have been changed so as to fully implicate the accused.
First, a teensy bit of background. I conduct a lot of transactions online, and do most of my business electronically. I own three of my own domains, and manage a fourth for a friend, as well as hosting all of them on my own VPS. As such I feel I’ve become pretty attuned to possible scams, phishing attempts, and other ne’er-do-wells. That is, until last week.
See, when I needed to register a new domain and have it hosted, I went with the “all in one” offering with the hosting company I was using before I switched to my VPS. This was super convenient, as they handled registering the domain for me, and set me up with one year of hosting a website and email for that domain for one year. Great, one stop shopping! That was nearly one year ago, and the domain is due for renewal in December.
So, when I received an email from a domain registrar I did not recognize suggesting that I renew my domain I assumed that it was the domain registrar that my hosting company used to register the domain on my behalf. I happily followed the link and renewed my domain with that registrar for two more years. I did find it odd that I didn’t have to supply any user credentials or other identification, but I just assumed they’d use some of the personal information I provided to compare against the WHOIS or something. Besides, what do they care if someone else pays to renew a domain, even if it doesn’t belong to them, right?
Well, some days later I received another email, from what appeared to be a separate entity than the domain registrar I renewed with. This email requested that I authorize a domain name transfer to them. Hmmmn.. Wait, I thought I renewed, not transferred. Something is wrong here..
I proceeded to do a few quick Google searches on the domain registrar that I renewed with, and the name of the registrar which was apparently requesting a domain transfer. Turns out they’re all part of the same organization based out of Canada, and all I read was experiences of shady business practices and situations of domains which were either lost, or trapped in limbo! Some keywords for you to search on in order to read what I read about. No bueno!
Great, so now I realize I’ve given my personal details to some unscrupulous individuals and they’ve charged me $50 for two years of domain registration which I’ll likely never actually receive from them. Fortunately, the domain transfer request turned out to be suspicious enough to catch my attention and make me thing twice before proceeding! At least my domain name is safe (I hope).
Next steps? I call my bank, and file a chargeback for the $50 charge, and have them cancel the Visa bank card I used to place the order. Now I get to be on the look out for odd or fraudulent charges on my account, yay me! Tomorrow I’m going to try to actually renew and transfer my domain to Register.com where I manage my other domains.
So, here are the lessons I’ve learned and some sage advice you might benefit from.
- Whenever possible, register your domain name yourself with a reputable domain registrar. Something like;
- If you do happen to let some entity register a domain on your behalf, know who that registrar is. You can use the WHOIS domain services to learn what registrar “owns” your domain.
- When renewing or registering a domain, make sure not to do so by clicking on links from emails, instead go to the registered web address for the domain registrar identified in the previous bullet point