Blog

Quick updates

Research has shown that, without training, one in three European employees would be caught by a phishing email. Wondering what that figure is like in your organization? Read more

As you may have heard from the press, a security issue was recently found through the widely used application named “Apache Log4j”. “Apache Log4j” is a supporting application mainly used by programs that use a web browser (Chrome, Edge Internet Explorer…) as well as public websites. Read more

Domain names: beware of misleading sales practices and fraud

Fraud with domain names
IT & telecom news

Domain names: beware of misleading sales practices and fraud

It has been happening since quite a while, but recently we have again noticed a surge in scammers or companies with questionable sales practices and identical identity that are targeting SMEs that have one or more domain names.

There are many techniques that are used. We explain the most important ones and conclude with some tips.

The classical one: false invoices

The example below is already well known. This is clearly a false invoice as there is no address of the sender, the website is incorrect, and moreover it is not stated which domain name it concerns. In addition, you should always question invoices regarding domain names received from a different party than the one where you already have them. That is why it is a good idea to have all your domain names centralized with one partner, such as e.g., K-Force.

fake-invoice

Sales by email and telephone

In addition, it happens that you are contacted by email or even by phone by a company to give you the opportunity to register a domain name with an extension other than yours, before someone else does it. For example, you have had the domain name www.thisismydomainname.com for several years now. The company that contacts you says it has received a request from one of their customers to register the domain name www.thisismydomainname.net. But they want to give you the chance to register it first. That way, your customers won’t be confused if they end up on another website via the .net extension. Here too, if you want to register this domain name, do it through your current partner and don’t trust an external party who is maybe trying to convince you under false pretext.

Moreover – and that is a clear signal – people often try to have you commit for eg. 10 years. As a domain name often only costs a few tens of euros per year, it is not really worth it for the fraudster to set up the fraud for a short time period, hence why they try to make you commit and pay upfront for a long period of time.

verkoop-domeinnaam

Domain name will expire

When you receive an e-mail that warns you that you have not yet paid for the renewal of your domain name and that you urgently need to do this (“final notice of domain listing”), alertness is again important. These emails often contain spelling mistakes or strange sentence structures. At K-Force, we usually send a standard invoice long enough in advance before the expiration date of your domain names. Suppose you forgot to pay it, then you just get reminders from us.

Domain hijackers

Another practice, but with the same goal, is trying to hijack your domain name. This also happens in several ways. The easiest way for a hijacker is to wait until you forget to renew your domain name. They then register it themselves to resell to third parties, or to yourself, but at a much higher price.

People also try to ‘steal’ your domain name more directly: the thief submits a request in your name, with falsified data, to transfer the domain to himself. Or sends you an email in which the logo and identity of your real domain name partner have been properly copied, with the request to log in or to pay an invoice. This way he comes into possession of your login details, and he can do whatever he wants. Here too, the ultimate goal is of course to capitalize on it.

After your domain name has been hijacked by fraudsters or thieves, or just another company, it is often a lengthy and expensive process affair to get it back. Because your domain name is directly linked to your company’s reputation, you often have no other choice than to cough up the requested sum.

ICANN: not everything is fraud.

For .com .biz .org and .net domain names and new extensions such as .gent .immo .shop you will receive an e-mail upon registration and annually to verify that the e-mail address with which your domain name was registered (still) is correct. You get this email from noreply@european-server.com. In certain cases of a registrar such as e.g. OVH or Combell.

All you have to do is click on the link in the email, only in this case. If you are still in doubt about the authenticity of such an email (you are not alone), please do not hesitate to ask our helpdesk for advice.

Some concrete tips

First of all, we’ll give you some tips to spot fraudulent emails. The same rules apply here as with all other e-mails: check and double check.

Strange links in the email. If you hover your cursor over a link in your email, you will see which URL you will actually be forwarded to. Do you think you have received an e-mail from Proximus, but the link sends you to a website other than www.proximus.com? Then delete the email immediately.
In any case, do not click on any links in an email regarding your domain name(s) which does not come from your domain name partner. Always contact your partner when in doubt.
Urgent urgency: your will to get things settled is anticipated. It is expected that you will react in a hurry and thus fall into the trap because you do not carefully check what is actually going on.
Multi-year offer: As mentioned, annual domain name fees are usually too low to set up fraud. With a payment of 10 years, the amounts are more interesting for the fraudster.

You can find many more tips on recognizing suspicious and dangerous emails via www.safeonweb.be

Finally, we give some best practices regarding domain names.

Make sure your domain names are automatically being renewed. K-Force sends the invoice(s) in a timely manner, so that you can pay on time to ensure the automatic renewal happens in time and to ensure that the domain hijackers don't stand a chance.
Register your domain name with a party that ensures correct registration. At K-Force we always make sure that you are the domain name holder. That way you don't depend on us if you ever decide to transfer your domain name to another partner.
Do not use free email addresses for your domain name registration. If this is left unused for a long time, or in case of loss of password or access, there is no support from the provider so that you can regain access. If validations for your domain name have to be done by e-mail, this will no longer be possible.

Conclusion

All things considered it’s a good idea to centralize the registration and management of your domain names with your IT partner. He often manages all your email addresses linked to your domain name, which only makes it easier. At K-Force we have the necessary tools to guarantee perfect service, both administratively and technically. Of course, we are always available if you have any doubts about communication you receive. It is always better to prevent than having to cure.

Do you have any other questions? We are happy to assist you! Reach out to us through one of our usual channels.

How can we help? Get in touch with our experts.

Enter your details and we will contact you as soon as possible.


    We value your privacy and we only use the information you entered here in order to reply you.

    Or call us now!

    We are happy to discuss your project, in person or via video call. Request a free consult with one of our IT or telecom experts to get to know each other and to look into your particular situation.

    Stay updated on our news? Subscribe to our newsletter.