There’s a nice post over on the Tucows blog warning about fake domain name renewal notices. Tucows is a wholesale domain name registrar, so the advice is aimed mainly at other domain registration companies, but it’s an interesting read nonetheless.

Fake renewal notices are basically a variation on the phishing schemes you might have seen before. In short, unethical companies (some would use a stronger word than ‘unethical’) try and con people into transferring their domain name(s) to them.

This is how it usually works:

1. The dodgy company gets a registrant’s information and domain expiry date from the WHOIS database.
2. They then contact the registrant with a fake email telling them they need to renew the domain or risk losing it.
3. When the registrant follows the instructions in the email, they end up transferring, not renewing, the domain.

If you get conned, you can end up stuck at a new domain registrar, potentially locked into unfavourable terms or unable to administer the domain as you need to. In some cases people have even lost domains altogether.

But I don’t want to overstate the risks. The chances of being targeted are generally quite small, and here at CCS Leeds we provide several ways to thwart the transfer thieves:

• Hide your details. With many domains, (like .co.uk), you can opt to remove your personal details from the WHOIS database. Take advantage of this. If they can’t see your details, they can’t contact you. You can find out how to do this on the CCS Leeds Support Site
• Keep your domain locked. A locked domain can’t be transferred.
• Use auto-renewal. By default, we’ll renew your domain name automatically unless you ask us not to. You just have to make sure the credit or debit card details we have stored for you are up-to-date. If you do this, you’ll know that you don’t have to do anything else to renew your domain name.