
Domain name fraud involves the use of misleading e-mails and phone calls to sell domain names and related services to businesses. Posing as a legitimate domain name provider or registrar, the fraudster approaches a business, claiming (dishonestly) that someone else wants to register a domain name very like the business’s name, but with a different extension, e.g. .eu, .info or .com.
They offer to prevent the rival registration by registering the domain name for the targeted business, providing that the business acts quickly and agrees a registration contract. However, the small print is typically weighted heavily in the fraudster’s favour. So, if the victim is hurried into signing or making a verbal agreement, they can find themselves locked into a contract that’s far more expensive and/or longer than normal. In other words, the scammer takes advantage of the victim’s fear that a competitor will make use of their domain name, and the fact that, in law, a verbal contract is just as binding as a written one.
Expired domain
Another common scam involves a fraudster buying an expired domain name before the previous registrant can renew it. The former registrant then feels that they have no choice but to take legal action to get their domain back. The scammer takes advantage of the situation by offering to sell the domain name back to its rightful owner at an inflated price, or using it for phishing. A scam like that is a form of cybersquatting.
How can you spot attempted domain name fraud?
Insistent tone
The caller will often use an insistent tone and imply that you need to act quickly. There isn’t time to think things over, otherwise ‘your rival' will take the domain name.
First refusal
Often, the caller will claim that you have first refusal on the domain name. They will say that, because you already have the .nl version, you have the right to buy the domain name ahead of anyone else. However, no such right actually exists.
Expensive registration
You will typically be pressed to register the domain name for a very high price. From a legitimate service provider, a domain name normally costs 5 to 20 euros a year. Domain name fraudsters often charge ten times that much, however. And they’ll try to get you to register the name for a very long period.
How can you prevent domain name fraud?
If someone calls you unexpectedly about buying a domain name, never agree straight away. Always look into the offer properly first.
First, check whether the domain name is already registered and, if so, by whom. Has it been registered by the caller, for example? The registrants of .nl domain names can be checked using the Whois.
Before going ahead, contact your usual hosting company to check their prices and get their advice.
Take the initiative: look into the possibility of registering any other domain names and extensions similar to your own to prevent scammers getting hold of them. If you’d like to trade abroad in the future, consider proactively registering versions of your domain name with other extensions, such as .com, .de and .be.
Find out whether your caller can be trusted by searching online for information and reviews shared by other customers.
Official registrar?
Have you been pressed to buy a .nl domain name? Visit SIDN’s website to see whether the organisation that called you is an official registrar for .nl domain names. Scammers often claim to be independent hosting service providers, but aren’t actually affiliated to SIDN.
Is domain name fraud illegal?
Domain name fraud is a form of deceptive marketing, meaning that, in the Netherlands, you can make a complaint to the police. In practice, however, it’s sometimes hard to prove that the caller did anything illegal. The people who use these selling techniques are typically smooth operators who pose as legitimate service providers.
SIDN BrandGuard
SIDN BrandGuard is a domain name monitoring service that covers all extensions (.nl, .com, .eu, etc). As a subscriber, you’ll be alerted whenever someone uses your domain name or registers a domain name that contains or resembles (a mistyped version of) your organisation’s name. You get the alerts before the domain names go live. Getting early warnings enables you to respond promptly to prevent cybersquatting, typosquatting, invoice fraud and CEO fraud. And thus avoid the high cost and reputational damage caused by such scams.
Read more about SIDN BranGuard
Wat doe ik als ik een verdachte website heb gevonden?
Als je mail met een verdachte url ontvangt of een phishingwebsite tegenkomt, wees dan alert. Klik niet op de verdachte url en als je al op de website bent, klik dan niet verder. Vul sowieso nooit gegevens in op een verdachte website.
Maak melding de verdachte website
Gelukkig was jij scherp en viel het je op dat de url of website verdacht is. Om te voorkomen dat er slachtoffers vallen door de phisingwebsite, is het belangrijk dat je er melding van maakt. Voor de afhandeling van meldingen over .nl-websites werken wij samen met Netcraft, wereldleider op het gebied van cybercrimedetectie. Je kunt de melding doen via https://report.netcraft.com/report. Netcraft onderzoekt je melding en als er daadwerkelijk sprake is van phishing of een andere vorm van cybercrime, dan meldt Netcraft dit bij ons en komen we in actie.