Small business owners must be vigilant against the threat of criminals claiming to be from domain providers, according to the UK's largest domain-name provider.
123-reg claims there is a resurgence in fraudsters contacting companies and falsely warning them that unless they pay up they are at risk of losing their online identity.
"Domain-name scammers are exploiting weaknesses in businesses' processes for renewing domains and employing techniques such as pressure calling and phishing to con them into parting with cash to ‘keep their domain'," says Thomas Vollrath, managing director at 123-reg.
"Businesses should be vigilant of the risks and ensure that staff in accounts, marketing and IT are aware of the internal processes to deal with domain name renewals, while attempts using methods such as email phishing and appraisal scams should simply be ignored or reported."
Domain-name scamming is where fraudsters target businesses and home users, telling them that their domain is about to expire and they need to pay urgently to avoid losing it.
According to 123-reg, fraudsters tend to use four methods to domain name scam:
- Urgent letter in the post warning that you are at risk of losing your online identity and encouraging you to transfer to an expensive domain-name reseller
- Pressurised cold call using the same methodology as the urgent letter, but scammers get hold of your telephone number from a publicly available source
- Phishing scam. This works in a similar way to the bank phishing scam, where fraudsters send millions of emails encouraging people to go to a spoof website to renew their domain name
- Appraisal scams where fraudsters email expressing an interest in buying a domain to sell on, but demand an ‘appraisal fee' to assess its value
According to 123-reg, businesses are particularly at risk as fraudsters exploit any breakdown in internal communications. Domain name renewals are often processed accounts, while names may be chosen by marketing or IT, the company claims. Approximately 45% of domains are purchased for business use.
123-reg offers the following top tips to help your business steer clear of domain-name scammers:
- Appoint a domain name manager to manage domain name purchases and renewals. Make sure they keep all domain information (for example, login to control panels and domains owned) somewhere easily found by marketing, IT and finance
- Consolidate your domain names to one provider. Many businesses buy multiple names through multiple providers, which makes management of renewals arduous. This means domains are more likely to expire, and the risk of being scammed is increased
- Use a domain provider with a control panel and save the website address in your favourites to avoid being misdirected via an email
- Keep your domain locked. A locked domain is protected and cannot be transferred to a third part unless you authorise it
- Use automatic renewals. Domains are relatively cheap, but losing them is costly for your business. Set up automatic renewals through your control panel to avoid losing domains. Alternatively, your domain name manager can keep a spreadsheet highlighting renewal dates for your website addresses