New Domain Name Renewal Scam Hits Inboxes

The latest domain name renewal scam hits, and it’s a particularly ruthless one.

Domain name renewal scams have been going on for years. Typically, the scammer sends a fake invoice in the mail or an e-mail that says a domain renewal fee needs to be paid or the domain will be deleted. By paying the “invoice”, you are actually agreeing to transfer your domain to the scammer’s registrar.

I just received a renewal scam in my e-mail this morning, and this one’s particularly ruthless. It appears to be more of a phishing scam to rip off your credit card.

Here’s how the email starts out:

It is time to renew your domain name www.domain.com

Your domain name www.domain.com will expire within 90 days. You may renew your domain automatically with Domain Renewal. Click on the link in this e-mail to renew the domain for another year. You should renew your domain as soon as possible in order for it to continue to be registered in your name.

Click here if you wish to renew your domain
-> http://www.domainrenewalonline.com/for.php?d=domain.com

As soon as we have received your payment, you will receive a confirmation that your domain has been renewed.

The particular domain mentioned in the email is actually registered at Moniker, so I knew instantly that it was really a scam. If you read on, the email explains that the “company” helps people renew their domains, but throws in a twist: you keep the domain at the current registrar:

Services and information about Domain Renewal:
Domain Renewal maintains domain addresses, and registers and consults companies in relation to Internet domain ownership. We inform businesses about which domains are registered, and remind them if a domain is due to expire, or when it is time to renew a domain. If you want Domain Renewal to extend the domain for you, we ask you to click on the link in this e-mail. If you do not wish to use your domain after the due date for renewal, you may disregard this e-mail. When Domain Renewal extends your domain no information will be changed in the “Whois” information section. The domain will be extended for 1 year. You will
therefore continue with your current supplier. You may also request your Internet Service Provider to renew the domain for you. If you have any further questions please do not hesitate to contact our customer service centre by sending an e-mail to
support@domainrenewalonline.com

If you click the link http://www.domainrenewalonline.com/for.php?d=domain.com it takes you to a page at domainrenewal-online.com that requests your credit card information. The page is unsecured and a framed credit card authorization page. The frame box uses a payment service called MultiCards, which is probably an unwilling participant in this scam. The site tries to instill confidence by showing the logos of Cisco Systems (NASDAQ: CSCO), Oracle (NASDAQ: ORCL), Microsoft (NASDAQ: MSFT), and IBM (NYSE: IBM).

According to whois, domainrenewalonline.com and domainrenewal-online.com are both owned by:

Domain Renewal SA
Avenue Louise 65
Brussels, 10050
BE

The domains were registered in April of this year.

Domain owners should protect themselves from domain registration and transfer scams. Here are a few tips:

1. Never respond directly to an email that requests you to renew domains. If you know the registrar where the domains are registered, type the registrar’s URL directly into your browser and login to your secure account to renew the domain.

2. Scrutinize any paper or email invoice you receive regarding domain names; most domain name registrars do not send invoices (particularly by snail mail).

3. When in doubt, call your registrar and inquire about the renewal notice.

4. Renew your domain names at least 4 months in advance. Most registrars start sending renewal notices 3 months in advance. If you renew all of your domains before that point, you should never receive a renewal notice and therefore will not fall prey to such scams.

To learn about other domain name scams, read this article.