
Domain name fraud involves the use of misleading e-mails and phone calls to sell domain names and related services to businesses. Posing as a legitimate domain name provider or registrar, the fraudster approaches a business, claiming (dishonestly) that someone else wants to register a domain name very like the business’s name, but with a different extension, e.g. .eu, .info or .com.
They offer to prevent the rival registration by registering the domain name for the targeted business, providing that the business acts quickly and agrees a registration contract. However, the small print is typically weighted heavily in the fraudster’s favour. So, if the victim is hurried into signing or making a verbal agreement, they can find themselves locked into a contract that’s far more expensive and/or longer than normal. In other words, the scammer takes advantage of the victim’s fear that a competitor will make use of their domain name, and the fact that, in law, a verbal contract is just as binding as a written one.
Expired domain
Another common scam involves a fraudster buying an expired domain name before the previous registrant can renew it. The former registrant then feels that they have no choice but to take legal action to get their domain back. The scammer takes advantage of the situation by offering to sell the domain name back to its rightful owner at an inflated price, or using it for phishing. A scam like that is a form of cybersquatting.
How can you spot attempted domain name fraud?
Insistent tone
The caller will often use an insistent tone and imply that you need to act quickly. There isn’t time to think things over, otherwise ‘your rival' will take the domain name.
First refusal
Often, the caller will claim that you have first refusal on the domain name. They will say that, because you already have the .nl version, you have the right to buy the domain name ahead of anyone else. However, no such right actually exists.
Expensive registration
You will typically be pressed to register the domain name for a very high price. From a legitimate service provider, a domain name normally costs 5 to 20 euros a year. Domain name fraudsters often charge ten times that much, however. And they’ll try to get you to register the name for a very long period.
How can you prevent domain name fraud?
If someone calls you unexpectedly about buying a domain name, never agree straight away. Always look into the offer properly first.
First, check whether the domain name is already registered and, if so, by whom. Has it been registered by the caller, for example? The registrants of .nl domain names can be checked using the Whois.
Before going ahead, contact your usual hosting company to check their prices and get their advice.
Take the initiative: look into the possibility of registering any other domain names and extensions similar to your own to prevent scammers getting hold of them. If you’d like to trade abroad in the future, consider proactively registering versions of your domain name with other extensions, such as .com, .de and .be.
Find out whether your caller can be trusted by searching online for information and reviews shared by other customers.
Official registrar?
Have you been pressed to buy a .nl domain name? Visit SIDN’s website to see whether the organisation that called you is an official registrar for .nl domain names. Scammers often claim to be independent hosting service providers, but aren’t actually affiliated to SIDN.
Is domain name fraud illegal?
Domain name fraud is a form of deceptive marketing, meaning that, in the Netherlands, you can make a complaint to the police. In practice, however, it’s sometimes hard to prove that the caller did anything illegal. The people who use these selling techniques are typically smooth operators who pose as legitimate service providers.
SIDN BrandGuard
SIDN BrandGuard is a domain name monitoring service that covers all extensions (.nl, .com, .eu, etc). As a subscriber, you’ll be alerted whenever someone uses your domain name or registers a domain name that contains or resembles (a mistyped version of) your organisation’s name. You get the alerts before the domain names go live. Getting early warnings enables you to respond promptly to prevent cybersquatting, typosquatting, invoice fraud and CEO fraud. And thus avoid the high cost and reputational damage caused by such scams.
Read more about SIDN BranGuard
What should I do if I come across a suspect website?
If you get an e-mail containing a suspect URL, or if you come across a phishing website, be on your guard. Don’t click the suspect link. If you’re already on the website, don’t click anything there. And never enter any data on a dubious website.
Report the site
Fortunately, you were sharp enough to notice that the URL or site was suspect. However, other people might not be as alert. To save others from getting scammed, it’s important to report what you found. We handle reports about .nl websites in partnership with Netcraft, a global leader in cybercrime detection. Reports can be submitted at https://report.netcraft.com/report. Netcraft will investigate your report and, if the reported site is found to be involved in phishing or any other kind of cybercrime, Netcraft will let us know, so that we can take appropriate action.