The latest domain name renewal scam hits, and it’s a particularly ruthless one.
Domain name renewal scams have been going on for years. Typically, the scammer sends a fake invoice in the mail or an e-mail that says a domain renewal fee needs to be paid or the domain will be deleted. By paying the “invoice”, you are actually agreeing to transfer your domain to the scammer’s registrar.
I just received a renewal scam in my e-mail this morning, and this one’s particularly ruthless. It appears to be more of a phishing scam to rip off your credit card.
Here’s how the email starts out:
It is time to renew your domain name www.domain.com
Your domain name www.domain.com will expire within 90 days. You may renew your domain automatically with Domain Renewal. Click on the link in this e-mail to renew the domain for another year. You should renew your domain as soon as possible in order for it to continue to be registered in your name.
Click here if you wish to renew your domain
As soon as we have received your payment, you will receive a confirmation that your domain has been renewed.
The particular domain mentioned in the email is actually registered at Moniker, so I knew instantly that it was really a scam. If you read on, the email explains that the “company” helps people renew their domains, but throws in a twist: you keep the domain at the current registrar:
Services and information about Domain Renewal:
Domain Renewal maintains domain addresses, and registers and consults companies in relation to Internet domain ownership. We inform businesses about which domains are registered, and remind them if a domain is due to expire, or when it is time to renew a domain. If you want Domain Renewal to extend the domain for you, we ask you to click on the link in this e-mail. If you do not wish to use your domain after the due date for renewal, you may disregard this e-mail. When Domain Renewal extends your domain no information will be changed in the “Whoisâ€ information section. The domain will be extended for 1 year. You will
therefore continue with your current supplier. You may also request your Internet Service Provider to renew the domain for you. If you have any further questions please do not hesitate to contact our customer service centre by sending an e-mail to
If you click the link http://www.domainrenewalonline.com/for.php?d=domain.com it takes you to a page at domainrenewal-online.com that requests your credit card information. The page is unsecured and a framed credit card authorization page. The frame box uses a payment service called MultiCards, which is probably an unwilling participant in this scam. The site tries to instill confidence by showing the logos of Cisco Systems (NASDAQ: CSCO), Oracle (NASDAQ: ORCL), Microsoft (NASDAQ: MSFT), and IBM (NYSE: IBM).
According to whois, domainrenewalonline.com and domainrenewal-online.com are both owned by:
Domain Renewal SA
Avenue Louise 65
The domains were registered in April of this year.
Domain owners should protect themselves from domain registration and transfer scams. Here are a few tips:
1. Never respond directly to an email that requests you to renew domains. If you know the registrar where the domains are registered, type the registrar’s URL directly into your browser and login to your secure account to renew the domain.
2. Scrutinize any paper or email invoice you receive regarding domain names; most domain name registrars do not send invoices (particularly by snail mail).
3. When in doubt, call your registrar and inquire about the renewal notice.
4. Renew your domain names at least 4 months in advance. Most registrars start sending renewal notices 3 months in advance. If you renew all of your domains before that point, you should never receive a renewal notice and therefore will not fall prey to such scams.
To learn about other domain name scams, read this article.
Thanks for exposing this scam and others like it. I think you have exposed some domain-related scams over the years. One that I almost fell for was the domain appraisal scam that you covered a while back. You should put links in this post to other scams that you have covered before. I think others will find it useful! Cheers.
Good suggestion, I added the link
Read their small print…
“Moreover you homepage will seize to exist and…”
Michel Hendriks says
MultiCards has terminated their account with immediate effect as we do not tolerate these kind of practices.
If you have been a victim of this scam, please contact us directly and you will be given a full refund accordingly.
MultiCards Internet Billing
Michel, thank you for taking quick action. Hopefully they won’t just jump to another credit card processing service.
Here’s a pick up from TechWorld:
The more people who know about this the better.
Now that Multicards has shut down the scammers account, the scammer is just collecting credit card numbers on its web site…which means you’re basically being phished.
There is a company that acquires .com domains and offers them to the .net, .biz, .us, etc. owners. In a lot of cases when folks go to register the abcxyz.com it may be taken and they settle for the abcxyz.net domain. UpYoursTo.com monitors thousands of expiring domain names and buys them within seconds after they expire using high tech software. Then the domain is offered to the .net, .us , etc. owners. How neat is that?