Businesses have been warned by the Australian Competition and Consumer Commission (ACCC) to keep an eye out for a new scam hitting mailboxes across the country.
However this time it’s not email inboxes that are being affected—scams are landing in the actual mailboxes of businesses. A wave of letters delivered to companies nationwide are offering registration of new domain names, but are disguised as invoices for existing domain names.
More than 100 businesses have already been caught out, with many believing the invoices are to renew already existing domain names. The ACCC warns there have been a number of reports of letters from “Domain Name Corp Pty Ltd”.
The unsolicited letters are offering a totally new domain name very similar in appearance to an already existing one owned by a business. For example, the invoice could include selling a website with a .com address when a business already owns one with a .com.au address.
The ACCC warns busy offices rushing to get bills paid over Christmas are common targets for these types of scam letters, and says, “letters dealing with domain names should be checked carefully”.
The letters themselves have the appearance of an invoice or renewal notice, with features like credit card logos, barcodes, or payment slips. Business owners pay the invoice without realising it does not relate to the domain they currently own.
Cyber security expert at Sense of Security Michael McKinnon told SmartCompany these styles of scams have been commonplace since the deregistration of .au domains in 2002.
“Company details can be found through online tools such as Whois, which display contact details associated with domain names,” McKinnon says.
“These are then matched against address databases, and letters are sent to the company itself.”
The letters themselves also tread a “thin line” when it comes to legality, as they often are selling legitimate domains, despite the disguises.
McKinnon says the unusual act of sending a hard copy letter is because letters are more likely to be opened and read, where emails can be caught in spam filters or easily ignored.
Busy offices are also more likely to pay invoice letters without hesitation McKinnon says, especially at this time of year.
“The letter lands on the desk of someone who assumes someone has already authorised paying it,” he says.
“Timing is also important, typically these letters will go out at Christmas and at the end of the financial year, where businesses want to pay bills quickly and get the books in order.”
SMEs “particularly bad” at renewing domains
Although there are no official statistics, McKinnon estimates 40% of business domains are renewed on the day they expire.
“Small businesses are particularly bad at managing domain name renewal. They’ll come into the office and realise emails are bouncing, and then they’ll renew the domain,” he says.
“Because of this companies can get anxious about the next time they have to renew their domain, so scams like this can be particularly effective.”
To avoid getting stung by dodgy domain name scams, McKinnon says to “always read the fine print” and seek advice if you’re still unsure.
“If it’s an invitation to register another domain name, consult with a web developer or SEO expert if there’s any value in acquiring additional domain names for your business,” he says.
“Generally if it’s not for intellectual property or genuine SEO reasons, there’s no reason why you need an additional domain.”