DNS Services Scam
Have you recently received an invoice from a company called “DNS Services” for your annual renewal of “Managed DNS Backup Business Service”? Be aware that this isn’t a bill at all. This is a solicitation from DNS Services to get you to buy a service that you don’t need dressed up to look like your domain renewal invoice from your service provider.
Here’s an example that a client sent us:
If you receive a bill from your DNS provider that you’re not expecting, don’t just pay it. The first thing you should do is make sure that the correspondence is actually sent from your legitimate DNS services provider.
How do you know who your DNS service provider is?
The best thing you can do to arm yourself against scams like this, is learn who your service provider is. To do this, you can go to a free WHOIS lookup site, such as ICANN, to view who the Domain Registrar is for your website. Simply type the domain of your website into the search area to look it up.
As shown here, this information can tell you who your service provider is, and when your domain will expire. Our service provider is GoDaddy, and our domain registration will expire on January 2nd, 2019. With this information you can know who you should be expecting invoices from, and when they might be coming.
A related email scam that you might receive could look like this:
Final Reminder: Domain cancellation notice
You have 1 domain name registration pending.
This solicitation is to inform you that it’s time to send in your search engine registration for yourcompany.com.
Failure to complete this order by 10/29/16 may result in the cancellation of this offer (making it difficult for your customers to locate you, using search engines on the web)
Act soon! This offer for yourcompany.com will expire on 10/29/16. Act today!
RENEW NOW <http://domaincompletion.com/etc…>
nsubscribe/etc…..> from these alerts.
Always verify the source of any email like this to make sure you’re being accurately informed. Again, you can check the actual expiration date for your domain and registrar with a simple WHOIS lookup.
If the correspondence you receive is from your true DNS provider, but you weren’t expecting to receive a bill any time soon, verify the payment online or through standard communications with the company.
If we’ve registered a site for you and you have any questions about your DNS service provider, please don’t hesitate to contact us for more information about it.
General Tips for Protecting Yourself From Phishing Scams
Phishing messages are designed with the intent of stealing your personal identifying information, such as usernames, passwords, credit card numbers, or banking information. These messages are often designed to look as if they are coming from a reputable source. Phishing tactics evolve with time, and you always need to stay up on how to protect yourself and personal information.
How to avoid phishing scams
- Avoid using email links.
- Email links can be manipulated to seem legitimate, but direct you to fraudulent sites. Unless the email source is verifiable, go the that business website or account as you normally would outside of the email.
- Never reply to an email with your full credit card number or details.
- If a business is requesting your credit card information, you should be able to submit the information while securely connected to their website. If you do need to send personal identifying information to a verified source through email, you can break it up into different messages to protect it from being stolen.
- Call phone numbers from the main website.
- It would be easy for a scammer to include a fraudulent phone number in an email to you. Look up the number for the company on their website to ensure you talk to the right people.
- If something seems too good to be true, or not quite right, verify it by standard communications with the business.
- If an email uses broad greetings like “dear customer”, or messages requiring urgent action, verify the message through standard communications with the company. Typically, a customer will contact a company for assistance when a problem occurs – not the other way around.
- In general, don’t give out personal information without verifying the source.
How to tell if an email link is legitimate:
Sometimes email links can be faked by writing a legitimate looking URL, and then linking to a different page. For example, the email link could read “www.yourinsurancecompany.com/payments”, but the actual link could be directed to the url, “www.fruadulentscam.com”.
If you’ve been sent a link in an email, no matter its source, you can always right click on the link, select “copy link address”, and then paste that address into a text document. This will reveal the actual url address sent in the email. If you’ve received a link in an email from a source that you cannot verify, or question the legitimacy of, you should avoid using the link all together.
How to tell if a website connection is secure:
Make sure your website connections are secure before using and entering personal information. A standard HTTP connection communicates in plain text. This means that anyone who breaks the connection between your browser and the website can read information being communicated (credit card numbers, passwords, etc…). With an SSL certificate, an HTTPS connection will encrypt that data so that no one can read or decrypt the information if intercepted.
To check your connection you can first note that the beginning of the URL in question reads “https”. In most browsers, when you are securely connected to a website, you will see a variation of a ‘padlock’ icon next to the web address. Furthermore, when you see this icon, you can click on it to verify the details as shown below:
Keep This in Mind
Phishing tactics and cyber threats are constantly evolving. If your gut is telling you something is off, question it. In a world where personal online privacy is a growing concern and global topic, you need to make sure you’re doing everything you can to keep your personal identifying information safe and in the right hands.