The Gandi Community

We need to talk about slamming (again)

If you are the happy holder of a domain name or of a trademark, you might have received messages which look suspicious or seem to originate from dubious senders. One will, for instance, pretend your domain name is about to expire, but is not sent by the sponsoring Registrar.

The other contacts you in your capacity as CEO and kindly informs you someone is trying to register domain names with Chinese top level tlds using your trademark and/or your company name.

After reading this message, you are left on your own, with many options ranging from ignoring the mail to forwarding the message to your attorney. You may be facing a slamming attempt, a common type of fraud which is perpetrated in various ways.

Last month, we warned our customers about a wave of slamming attempts and this article’s goal is to provide an overview of the different frauds that go by the illustrious name  “slamming” and to provide you with advice as to what to do when you receive such messages.

 

1. The “Protect your trademarks” (for a high price) scam

While pretending to offer help protecting your trademarks, a “Registrar” contacts you telling you someone is trying to register these trademarks in Chinese and Asian top-level domains such as .cn, .asia or .tw. This generous sender is simply willing to allow you to oppose these registrations! If you are still interested in protecting your trademarks, of course.

Usually, trademark holders reply instantly: yes please! Block these people trying to steal my business!

The trademark holder just confirmed his order for a domain name registration he did not need in the first place. And it is usually really expensive.

We advise you to: not (ever) reply to these alleged warnings. Replying will confirm you are reading the message and that you’re worried about your tradermarks and will be considered by the scammer as a sign of weakness and vulnerablability.

 

2. The “Someone registered your domain name as a keyword” scam

These messages are usually written in an urgent tone. They are very similar to those above, even if they indicate someone registered your trademarks or domain names as keywords instead of domain names.

Again, please disregard these offers: replying will only lead the scammer to put pressure on you and offer overpriced (compared to average) services that you do not even need.

 

3. The “Your domain name will expire soon” scam

You might have received emails in the past indicating your domain name would expire soon while, to your knowledge, it was due to expire much later.

This type of scam works the same way no matter the perpetrator: you are being told your domain name is about to expire within the next few days and you could lose it. A document is usually attached to facilitate renewal process.

This document is not a real renewal order. By replying and ticking the box or accepting the offer, you are instead accepting a transfer of your domain name from your current Registrar to another.

Not only is your domain name being transferred from your trusted Registrar to an unknown and not-so-trustworthy Registrar (they emailed you out of the blue, remember), but you are also charged four or five times the price usually charged for such transfers.

We advise you to: upon reception of these so-called “reminders”, your first reaction should be to perform a Whois check on your domain name to compare the “reminder” information and the Registry’s information.

If the expiration date does not match the one the message you received, you are most probably reading a fake notification.

Quick reminder: keep in mind that you can enable the “transfer lock” protection on your domain names directly from your GANDI account as well as two-factor authentication and, at last, IP restriction, to increase the protection level on your domain name(s).

And as we mentioned before, remember our anti-spam protection feature. When this feature is activated, anyone who culls your email address from the whois (as domain slammers often do) will only get a “hashed” version @contact.gandi.net. You can know that emails sent to such an address do not come from Gandi.

If you encounter such a situation our key recommendations are to check the email headers for suspicious addresses and to double check the information provided in those emails (expiration date, domain name holder). This will protect you from mistaking a scam with a legitimate notification. In any case, do not hesitate toreach out to GANDI’s customer care teams, they will be glad to help you sort things out and make sure you are dealing with a legitimate reminder.