Domain Renewal Scams and Fake Invoices
Don’t Pay the Wrong Person!
Just like a recent cyber-scam that tricked a local school system into paying a $3.75 M invoice to the WRONG recipient, criminals target businesses in many ways that might not be as lucrative, but can still cause trouble. If you THINK you’ve renewed your domain name, but really didn’t, you could lose a very valuable cog in the functioning of your business – taking down your website and email!
We see it quite often and it is on the rise – by mail or email – an invoice/bill for renewal of your domain name. Scam companies, like “Domain Registry of America” or “The Domain Hosting Group” send what appears to be a legitimate invoice to renew your domain, but they are only trying to get your money, not really renewing your domain. It is rather easy to do – your domain information is public and can be found at https://whois.icann.org, including all kinds of information that is helpful to create a fraudulent bill.
What You Can Do
DOCUMENT all your domain names, from where they were purchased, cost and their expiration dates. Keeping your domain active and renewed is very important to the functioning of your business, so make this high priority.
You can pay for a PRIVATE REGISTRATION, which eliminates your name and email from being included in this public registry, but your expiration date and who you have it registered with is still there. This makes it a bit harder to target the right person.
If you use a Managed IT Provider like us, we track and renew your domain and related SSL certificates, along with many other types of renewals, so you would never get a separate invoice from a third party vendor.
KNOWLEDGE and TRAINING should prevent your staff from falling for this scam. If you’d like more security tips, check out our Weekly Cyber-Security Tips subscription at https://www.integrityky.com/my-security-tips/
As for the $3.75 M invoice and money transfers, build in additional checks to verify invoice requests. Many of these larger scams come from gaining access to your company email, monitoring to learn processes and who authorizes, then spoofing their accounts. This is where 2-factor authentication protects email and a phone call to your banker who knows you well pay off. Learn more in our blog post, Cybersecurity: What can Businesses expect in 2019?.
Stay Safe! #CyberSafeKY
Related Posts
- You may or may not know you have a problem ( August 8, 2019 )
- What’s in your wallet … is for sale or trade on the dark web? ( July 30, 2019 )
- Help With PCI Compliance ( July 25, 2019 )
- IT Security Audit for Your Business ( July 11, 2019 )
- Security Program Development for Your Company ( June 13, 2019 )
- Healthcare Breaches Hit All Time High ( June 5, 2019 )
- What’s Your Best Hacking Defense? ( May 16, 2019 )
- Online Behavior Tracking: The Good, The Bad, The Ugly ( April 29, 2019 )
- How Vendor Hacking can Impact Your Business ( April 25, 2019 )
- How do you know if your Cybersecurity Awareness Training is Working? ( April 23, 2019 )
Recent Posts
Sign up for our Newsletter
Archives
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- July 2015
