Beware Of Domain Name Phishing Scams
Have you ever received an email, or physical mail that you felt at a gut level wasn't quite right? It looks kind of legit, but something makes you hesitate. Good! There's a very good chance it's a scam. If in doubt, always reach out for clarification.
This actually happened today with one of the members in the Rough Diamond (Academy) Community. She received an email asking her to upload various documents to verify that she was the legitimate owner of her domain name and was meeting the government criteria for owning a .AU domain. To back up the request the email pointed her to a website that appeared to outline the requirments for a .AU domain. In fact, that site is legitimate:
That's the catch. By directing you to a legitimate website that outlines the regulations, or whatever, it tricks you into thinking the whole thing is legitimate. But, if you then follow up with the requested uploading of the documents, that will be a different site, usually made to look like the legitimate site.
For the hacker it's a numbers game. Send the email out to owners of domain names, and a percentage of those will fall in to the trap. If the email arrives when you are stressed, distracted or otherwise occupied you might act on it before thinking. And then they have your identity documents. That's the name of the game: Identity theft!
Here's the scam alert from the Domain Authority here in Australia: https://www.auda.org.au/news/scam-alert-email-scam-targeting-au-registrants
What To Do When Receiving One Of These Emails or Letters
Don't Panic! Don't rush to do anything. It's the rushing that causes people to fall for the ruse. Follow up with the company you bought your domain from and ask them if the request is legitimate or not if you're uncertain. Reach out to others, like our community, and ask for advice before proceeding. Read the email carefully, there are often clues like poor spelling that give the game away.
There's so many variations of these scams, so it pays to be suspicious. If it's legitimate your domain registrar, the company you bought it from, will know.
I have personally received two variations of this theme in the last few weeks.
The first is the renewal of my business name. Here in Australia that is done through ASIC: https://asic.gov.au/for-business/renewing-your-business-name/
Every year I get these fake renewal notices that use the exact formula mentioned above. They point to the legitimate website for the explanation, but a different one for the payment - theirs. It's actually written on the renewal that they aren't ASIC and that they're a private renewal company., so I guess they get around it by being honest in a less than honest and very deceptive way. If I paid them I have no idea whether they would renew my business name, but even if they did it's at a highly inflated price. So, I throw their renewal notice in the recycling and head to ASIC and renew it there. Thanks for the reminder scammers!
The other one get is for domains that are very similar to the one I own. Again, somewhere in a less than obvious place is says it's not a renewal, but again it's made to look like one. The aim is that I'll buy a new domain at a highly inflated price, and they get my details, etc. I get several clients call me every year asking if these are legit. Recycle the paper so at least it not a complete waste!
Report the Scam
After you've had a cuppa and calmed your heart rate, report the scam here: https://www.scamwatch.gov.au/
Be on the lookout for scammers. It's a sad fact of life, but it is what it is!