5 Domain Name Scams Targeting Website Owners
Your domain name is one of the most valuable digital assets you own. It is your address and a central hub for your business, and because of this, your domain name is a prime target for opportunistic scammers.
It’s not just about stealing a domain name from you — there are other types of domain name scams. In this post, we discuss some of the most pervasive domain name scams, detailing how each of them works and the steps you can take to avoid falling victim to them.
Domain Slamming
Domain slamming is a type of domain name scam where a shady registrar tricks domain owners into transferring their domain names to them. It is also known as a fake domain renewal scam since the offending registrar sends urgent-looking notices, either by email or snail mail, claiming the target domain is about to expire and requires immediate renewal.
These notices are designed to appear very serious, complete with professional-looking logos and references to the actual domain name and expiration date (information easily obtained from public WHOIS records).
If the victim falls for the trick, they unknowingly transfer their domain registration to a new registrar. Instead of simply paying a renewal fee, they are signing an agreement to switch registrars and pay a grossly inflated rate — sometimes ten times the normal price — for the transfer and future renewals. Victims end up overpaying and inadvertently moving their valuable domain to a company with shady practices and poor security.
Example
Here’s an example of domain slamming that involved Domain Registry of America, an ICANN-accredited registrar that has been suspended since 2014. Other shady registrars still use similar tactics to this day.

How to Protect Yourself
- Know your registrar: Keep a record of your current, legitimate domain registrar (e.g., Namecheap, GoDaddy, Google Domains) and the exact domain expiration date. If a notice comes from any other company, it is a scam. You can always log into your account with the registrar and check the expiration date for every domain that you have with them.
- Enable domain locking: This security feature, also known as clientTransferProhibited, prevents unauthorized transfers of your domain to another registrar. You can enable it in the domain settings after logging into your registrar account. To see whether your domain already has this feature enabled, use WHOIS Lookup to check the domain status codes.

- Set up auto-renewal: Enabling auto-renewal ensures that your domain is paid for and renewed automatically with the same registrar, neutralizing the fear and urgency that domain slamming notices try to exploit.
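The checks in the list above can be run against a WHOIS record whenever a renewal notice arrives. The following is an added example, not code from the original post: the WHOIS text, the sender name and the date are constructed, and the field names assume the common "Key: value" gTLD layout.

```python
from datetime import date, datetime

# Constructed WHOIS output for illustration; real field names vary by registry.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2026-03-14T04:00:00Z
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""

def parse_whois(text):
    """Pull registrar, expiry date and EPP status codes out of WHOIS text."""
    rec = {"registrar": None, "expires": None, "statuses": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key == "registry expiry date":
            rec["expires"] = datetime.fromisoformat(value.replace("Z", "+00:00"))
        elif key == "domain status":
            # Status lines read "<code> <url>"; keep only the code.
            rec["statuses"].add(value.split()[0].lower())
    return rec

def review_notice(rec, notice_sender, today):
    """Compare a renewal notice with the registry record; return findings."""
    findings = []
    if notice_sender.casefold() != (rec["registrar"] or "").casefold():
        findings.append("sender is not the registrar of record")
    if "clienttransferprohibited" not in rec["statuses"]:
        findings.append("transfer lock (clientTransferProhibited) is not set")
    if rec["expires"] is not None:
        days = (rec["expires"].date() - today).days
        findings.append(f"registry expiry is in {days} days")
    return findings

if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    # Hypothetical sender name and date, chosen for the example.
    for finding in review_notice(record, "Domain Renewal Services LLC", date(2026, 1, 13)):
        print(finding)
```

A notice that matches the real expiry date proves nothing, since that date is public; the sender mismatch and the missing lock are the findings that matter.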
Fake Invoice Scams
In this scheme, scammers send official-looking invoices that aren't for renewal but for entirely made-up services, such as an expensive, unrequested domain listing service or a search engine optimization (SEO) service that was never ordered. These fake invoices are typically sent via postal mail to small businesses that process invoices without closely vetting the service description. They prey on the hope that someone will simply pay the bill without realizing the service was never requested or rendered.
Examples
A high-profile fake invoice case involved a Canadian firm operating under names like ILS Corp. and Domain Listing Service Corp. According to a report by SC World, this firm sent misleading invoices to small businesses for services that were never ordered or provided. They even registered slight variants of the victim's domain to create an additional layer of legitimacy. The Federal Trade Commission (FTC) took action, freezing the assets of the defendants and imposing a multi-million-dollar suspended judgment based on the harm caused to consumers. However, the defendants couldn’t pay, so they were fined US$10,000 instead.
Other recent examples of this scam include the “Web Listings” and “DomainNetworks” snail mail scams, in which companies named Web Listings, Inc. and DomainNetworks, respectively, sent out letters to domain owners. The letters were made to look like a bill for SEO or marketing services. Here’s an example:

How to Protect Yourself
- Implement a strict policy for handling invoices: Establish a clear, non-negotiable protocol: all bills should be checked against an internal record of ordered services. If a vendor is unknown or the service was not explicitly ordered by a recognized manager, the payment must be flagged and verified before processing.
- Investigate the company name on the invoice: Perform a Google search using the company name, combined with terms such as "scam," "fraud," or "complaint," to see if there are any warnings from previous victims.
- Verify any domain names listed on the invoice: Use WHOIS Lookup to learn more about the website that appears on the invoice, or quickly check the Threat Intelligence API to see if the domain is safe, suspicious, or malicious. The domain domainnetworks[.]com from the DomainNetworks scam, for example, is flagged as suspicious:

- Conduct regular security awareness training: Educate your financial staff on the prevalence of fake service invoices.
- Read the fine print: Look for telltale disclaimers that state the document is a solicitation or advertisement and not an actual bill. These are often hidden in tiny font.
Domain Appraisal Scams
Domain appraisal scams target domain owners with an offer to sell their domain that might seem too good to be true. A scammer contacts you, claiming they or a well-funded client wants to buy your domain for a huge sum of money.
The next step is the trap: the buyer insists you must first obtain a certificate of appraisal from a specific appraisal service they recommend.
Example
Here is an example of an actual email from a scammer:

The domain appraisal service requires you to pay a fee. Unsurprisingly, this service is associated with the same scammer, and once you pay the appraisal fee, the supposed buyer disappears. The appraisal is either worthless or non-existent.
How to Protect Yourself
- Don’t pay for appraisals: If the buyer demands an appraisal, let them pay for it.
- Use reputable marketplaces: If you decide to sell your domain, use an established domain marketplace that offers secure escrow and appraisal services, which typically charge a percentage of the final sale rather than an upfront fee.
Typosquatting
Typosquatting is a form of brand impersonation that capitalizes on a simple human error: typing a URL incorrectly or not looking at a misspelled URL long enough to see the typo.
Exploiting this, scammers register misspelled versions of popular domain names to trick users into sharing their private information on fake sites. These sites either sit on the internet waiting for users to make a typo or are advertised through phishing emails.
These misspellings involve subtle substitutions, like using 'l' instead of 'i', adding a common suffix, or using a different top-level domain (TLD). For consumers, visiting these typosquatting domains leads to stolen login credentials, malware infections, financial loss through fake transactions, or just buying counterfeit goods. For businesses, these domains can lead to significant brand damage, as well as lost traffic and revenue.
Examples
For example, a user attempting to visit gucci.com might think that guccl[.]com, gucci-beauty.com, or guccil[.]shop is the real address.
The bogus sites may look legitimate, mimicking the layout and branding of the real company or selling similar products and services. The Website Screenshot Lookup result of some Gucci typosquatting domains, for example, shows e-commerce content, just like the imitated brand.
How to Protect Yourself
- Monitor typosquatting domain registrations: Use tools like Brand Monitor to get notified when domains impersonating your company name are registered. To illustrate, we searched for “Gucci” on the Brand Monitor in the Domain Research Suite and found that 27 typosquatting domains were added on October 22, 2025.

- Defensive domain registration: Businesses may choose to register common misspellings and variants of their primary domain (e.g., swapping .com for .co, or using a plural form) to prevent squatters from claiming them and to protect their customers. For example, Amazon does this at scale. Try visiting amazn.com or amozon.com and they’ll redirect you to the correct domain.
- Add predictive threat intelligence to your corporate firewall or DNS filter: To protect employees, use advanced cybersecurity intelligence sources, such as the Typosquatting Data Feed or the First Watch Malicious Domains Data Feed. With these, you can proactively block access to predicted malicious domains, including typosquatting domains.
- Conduct security awareness training: Conduct regular training sessions and simulated phishing campaigns that use typosquatting domains. Teach staff to always check the full URL in the address bar (not just the link text) and to hover their mouse over a link to preview the destination URL before clicking.
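To make the monitoring step concrete, the sketch below screens a list of newly seen domains against a brand domain for the patterns described in this section: look-alike characters, single-character typos, added text, and a different TLD. It is an added example, not code from the original post or from any tool named here; the substitution table is a small constructed sample, and it assumes simple two-part domain names.

```python
# Small constructed table of visually confusable substitutions (not exhaustive).
CONFUSABLE = {"l": "i", "1": "i", "0": "o", "rn": "m", "vv": "w"}

def split_domain(domain):
    """Return (label, tld) for a two-part name such as 'gucci.com'."""
    name = domain.replace("[.]", ".").lower().strip(".")
    label, _, tld = name.partition(".")
    return label, tld

def normalise(label):
    """Map confusable characters onto one canonical form."""
    for fake, real in CONFUSABLE.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Return why candidate resembles brand_domain, or None if it does not."""
    brand, brand_tld = split_domain(brand_domain)
    label, tld = split_domain(candidate)
    if label == brand:
        return None if tld == brand_tld else "same name, different TLD"
    if normalise(label) == normalise(brand):
        return "look-alike character substitution"
    if edit_distance(label, brand) <= 1:
        return "one-character typo"
    if brand in label:
        return "brand name with added text"
    return None

def scan(feed, brand_domain):
    """Map each flagged domain in feed to the reason it was flagged."""
    return {d: why for d in feed if (why := classify(d, brand_domain))}

# Domains quoted on this page, plus the brand itself and one constructed benign entry.
FEED = ["guccl[.]com", "gucci-beauty.com", "guccil[.]shop", "guccirp[.]com",
        "gucci.com", "example.org"]

if __name__ == "__main__":
    print(scan(FEED, "gucci.com"))
```

The substring rule will also flag legitimate names that happen to contain the brand, so treat hits as candidates for review rather than as verdicts.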
Trademark Protection Scam
This scam preys on a business owner’s fear of losing their trademark or brand name in a new market. The target receives an email or phone call from someone claiming to represent a domain registration service or the Intellectual Property Office (IPO). The message states that a company (often based overseas) is attempting to register your domain name using various country-code top-level domains (ccTLDs), and there is usually a great sense of urgency. Here’s an example of such an email, posted on LinkedIn:

The scammer would then offer to protect your brand by registering all these additional domain extensions on your behalf, but only if you pay an exorbitant fee right away. The threat is that if you don't act immediately, the other company will gain legal standing and cause major trademark infringement issues. In reality, no one is registering anything, and you are simply paying a high fee for unnecessary domains or, worse, nothing at all.
How to Protect Yourself
- Consult a trademark attorney: If you receive a communication that genuinely concerns your intellectual property, do not respond directly to the sender. Contact your legal team or a trademark attorney immediately for advice.
- Monitor the use of your brand name in domain registrations: Use Brand Monitor to receive notifications when your brand name is registered under various TLDs.
- Only use trusted registrars: If you decide to defensively register other TLDs, do so directly through your current, verified, and trusted domain registrar.
- Implement security awareness training: Ensure that employees are trained on how scammers exploit authority and fear to create a sense of urgency. They should also be taught to immediately report and never act upon unsolicited communications that threaten legal or financial loss if immediate action isn't taken.
Conclusion
A healthy level of skepticism and a thorough understanding of the schemes detailed above are your first and best lines of defense against domain name scams. Slow down and think first. Scammers rely on urgency to make you click, pay, or sign over control of domain names. Always pause, independently verify the source, and never pay an unexpected invoice without checking your records.
There are also resources that can help you stay ahead of scammers.
- Tools like WHOIS Lookup let you instantly verify your domain's actual registration status.
- Services such as Brand Monitor proactively scan the internet for fraudulent lookalike domains that target your brand.
- Additionally, security solutions like Threat Intelligence API and First Watch Malicious Domains Data Feed help protect your employees by preventing them from accidentally visiting known malicious domains and those that are likely to turn malicious.
![Website screenshot of guccix1[.]shop](https://publishing-platform-legacy.whoisxmlapi.com/wordpress/wp-content/uploads/2025/11/9-fake-gucci-4.png)
![Website screenshot of guccil[.]shop](https://publishing-platform-legacy.whoisxmlapi.com/wordpress/wp-content/uploads/2025/11/6-fake-gucci-1.png)
![Website screenshot of guccivibe[.]shop](https://publishing-platform-legacy.whoisxmlapi.com/wordpress/wp-content/uploads/2025/11/7-fake-gucci-2.png)
![Website screenshot of guccirp[.]com](https://publishing-platform-legacy.whoisxmlapi.com/wordpress/wp-content/uploads/2025/11/8-fake-gucci-3.png)