Domain name slamming is a form of domain name registration fraud that is perpetrated by companies that offer domain name registration services. The tactic involves a company tricking or misleading individuals or businesses into registering or transferring their domain name to the company, often with the promise of “renewing” or “protecting” the domain name.

Warning: Domain name slamming fraud is known to operate in Canada. See the example of a Canadian domain name slamming fraud letter at the end of this post..
Typically, domain name slamming is done through unsolicited phone calls or emails, where the caller or sender claims to be affiliated with the domain registrar and tells the recipient that their domain name registration is about to expire and that they need to renew or transfer it in order to keep it. They may say that the domain is in danger and try to pressure people into renewing it as soon as possible. The company will then charge the individual or business a much higher fee than they would have paid if they had registered the domain name directly with a legitimate registrar, or will change the contact information associated with the domain name to the scammer’s information, effectively hijacking the domain name.

What are some common domain name-slamming tactics?

Here are a few examples of domain name-slamming tactics:

  1. Renewal scams: A company will contact you and claim that your domain registration is about to expire and that you need to renew it immediately in order to keep it. They may charge you a higher fee than you would have paid if you had renewed your domain directly with a legitimate registrar.
  2. Transfer scams: A company will contact you and claim that your domain registration is about to expire and that you need to transfer it to a new registrar in order to keep it. They may charge you a higher fee than you would have paid if you had transferred your domain directly to a legitimate registrar.
  3. Domain appraisal scams: A company will contact you and claim that your domain is valuable and that they will purchase it for a large amount of money. They may request you to pay an upfront fee for an appraisal and then disappear.
  4. Domain Hijacking: A scammer will contact you and claim that your domain is in danger and that you must renew or transfer it to a new registrar immediately. They may use convincing stories such as telling you that the domain has been acquired by a competitor. Once they have control of the domain, they may hold it for ransom, sell it to someone else or use it for malicious purposes.
  5. Email scams: A scammer will send an email pretending to be your registrar, or another entity related to your domain name, asking for personal or financial information or requesting you to renew or transfer the domain name to a different provider, usually with a sense of urgency.

These are a few examples, but scammers can be very creative and come up with new ways to try to scam you, so it’s important to always be vigilant and verify the authenticity of any requests or claims related to your domain name.

Real-world examples of domain name slamming

There have been several real-world examples of domain name slamming, many of them date back to the same Canadian company that has a long history of legal issues with the US-based, FTC since 2003. It seems like the company seems to get away with operating in Canada, despite having been reported to local law enforcement for misleading and fraudulent business practices.

  • In 2010, the Federal Trade Commission (FTC) filed a lawsuit against an organization called “Domain Name Sales” for tricking small business owners into transferring their domain names to the company at inflated prices. The FTC alleged that the company sent misleading renewal notices to businesses, falsely claiming that their domain names were about to expire and that they needed to renew or transfer them to Domain Name Sales to keep them.
  • In 2012, the FTC filed a lawsuit against a company called “eNom Central” for tricking small business owners into transferring their domain names to the company at inflated prices. The FTC alleged that the company sent misleading renewal notices to businesses, falsely claiming that their domain names were about to expire and that they needed to renew or transfer them to eNom Central to keep them.
  • In 2013, the FTC filed a lawsuit against a company called “Domain Registry of America” (DROA) for tricking small business owners into transferring their domain names to the company at inflated prices. The FTC alleged that the company sent misleading renewal notices to businesses, falsely claiming that their domain names were about to expire and that they needed to renew or transfer them to DROA to keep them.
  • In 2016, the FTC filed a lawsuit against a company called “BuyDomains” for tricking small business owners into transferring their domain names to the company at inflated prices. The FTC alleged that the company sent misleading renewal notices to businesses, falsely claiming that their domain names were about to expire and that they needed to renew or transfer them to BuyDomains to keep them.
  • In 2019, the FTC took legal action against a company that sent fake renewal notices and invoices to individuals and small businesses, tricking them into transferring their domain registrations to the company at inflated prices.
  • In 2020, the Federal Trade Commission (FTC) filed a lawsuit against a company that sent fake renewal notices to small businesses, tricking them into transferring their domain registrations to the company at inflated prices. The company charged some business owners as much as 10 times what they would have paid if they had renewed the registration through their original registrar.

These are just a few examples of domain name-slamming cases that have been identified and brought to court. But this problem has been around for many years and still exists, as scammers are constantly trying new ways to trick people into transferring or renewing their domains under false pretenses, which demonstrates how important it is to be vigilant and take steps to protect your domain name.

How does a domain name slammer get my contact information?

There are several ways that a domain name slammer can obtain your contact information. Here are a few common methods:

  1. WHOIS database: The WHOIS database is a publicly accessible database that contains information about registered domain names, such as the registrant’s name, address, and phone number. This information is required to be accurate, but some people might not be aware of this and not keep it up to date. Scammers can easily search the WHOIS database for contact information for a specific domain name.
  2. Publicly available information: Scammers may also be able to find your contact information through other publicly available sources, such as social media, business directories, or your own website. They can then use this information to send unsolicited emails or make unsolicited phone calls.
  3. Data breaches: Scammers may also obtain your contact information through data breaches. Many data breaches occur, where personal information like email addresses, phone numbers, and names are exposed, which can be used to target people with phishing or scam attempts
  4. Phishing attempts: Scammers may also attempt to phish your contact information by sending you an email or a message that looks like it’s from a legitimate source, such as your domain registrar. They may ask you to click a link and provide your personal information, such as your email address, phone number, and billing information.
  5. Spamming: Scammers may also obtain your contact information by using software that automatically scans websites, forums, and other online sources for email addresses and phone numbers. This is often done in bulk and can result in a large number of unwanted emails and phone calls.

It is important to be aware of these methods and take steps to protect your personal information and keep it up to date with your domain registrar. Additionally, be skeptical of unsolicited

How can I protect myself from domain name slamming?

It’s worth noting that legitimate domain registrars do reach out to their customers when their domain name is approaching expiration, but they will usually use email addresses or phone numbers that you have on file. It’s always best to double-check the authenticity of the call or email and to confirm the expiration date with your registrar directly. Here are some steps you can take to protect yourself from domain name slamming:

  1. Be wary of unsolicited phone calls or emails: Be skeptical of unsolicited phone calls or emails from individuals or companies claiming to be affiliated with your domain registrar, especially if they are asking for personal information or money.
  2. Verify the expiration date of your domain name: If you receive a call or email claiming that your domain name is about to expire, contact your domain registrar directly to verify the expiration date. You can also check the WHOIS information of your domain to confirm the date as well.
  3. Protect your personal information: Be cautious about giving out personal information, such as your credit card number or account information, over the phone or in an email. Legitimate domain registrars should not ask for this information in unsolicited phone calls or emails.
  4. Use a reputable domain registrar: Register your domain name with a reputable domain registrar, and make sure to keep accurate records of your registration details and expiration date.
  5. Make sure to keep your contact information up to date: Keep your contact information, such as your phone number, email address, and mailing address, up to date with your domain registrar. This way, you will be able to receive notifications about your domain expiration in time, and you will be able to confirm their authenticity.
  6. Use a domain privacy service: Some registrar offer domain privacy services that will replace your personal information with their own, making it more difficult for fraudsters to target you. This is offered on all domains that support this feature at Thexyz as ID Protection.
  7. Educate yourself: Learn about different types of domain-related fraud, so you know what to look out for and can take steps to protect yourself.

By following these steps and being vigilant, you can reduce the risk of falling victim to fraud. If you suspect you have fallen victim to a domain name-slamming scam, it is important to contact the registrar to verify the status of your domain and to make sure that the contact information for your domain is accurate. Here is an example of a domain-slamming letter from a known Canadian fraud operation. One could argue that maybe this is just misleading.

Domain Name Expiration Notice As a courtesy to domain name holders, we are sending you this notification of the domain name registration that is due to expire in the next few months When you switch today to Domain Registry, you can take advantage our best savings, Your registration for: —.com will expire on Juno ’19, 2021 Act today. Reply Requested By: April 26, 2021 You must renew your domain name to retain exclusive rights to it on the Web, and now is the time to transfer and your name from your current Registrar to Domain Registry, Failure to renew your domain name by the expiration date may result in a loss of your online identity making it difficult for your customers and friends to locate you on the Web. Privatization of Domain Registrations and Renewals now allows the consumer the choice of Registrars when registering and also when renewing a domain name. Domain name holders are not obligated to renew their domain name with their current Registrar or with Domain Registry. Review our prices and decide for yourself You are under no obligation to pay the amounts stated below, unless you accept this offer, This notice is not a bill, it is rather an easy means of payment should you decide to switch your domain name registration to Domain Registry.

Domain Slamming

Here is an example of a domain slamming letter sent to try and trick someone into a domain name transfer.

 

Domain fraud letter

The envelope of a domain slamming fraud organization based in Toronto, Canada