Common website scams and how to prevent them

Any time you make a new purchase that has a public record associated with it, you open yourself up to an unfortunate barrage of spam and scams. If you’ve bought a house, you’ve probably received plenty of mail about refinancing and transferring your mortgage. If you’ve bought a car, you’ve probably received those fake “extended warranty” phone calls. Unfortunately, a website is no different. Because your site is accessible to the public, you might be the subject of potential scams from time to time.

What types of scams are common for website owners?

From false promises of huge payouts from Nigerian princes to threats of misfortune if you don’t forward or share an email or post, scams and lies are prominent throughout the internet. However, a few common themes are prevalent in scams targeted toward website owners.

Domain renewal scams

When you register a domain, a public record of the transaction is stored with an organization called ICANN. This means your contact information is available to the public unless your hosting company provides you with another option (more on that later!). Scammers can peruse ICANN records with a public search called Whois to find out names, addresses, phone numbers, and other information related to the owner of a website. The then can target you with scams that sound legitimate because they know your name and the name of your website. Most frequently, these scams try to get you to move the ownership of your domain to their company. They offer what appears to be domain registration renewal services, except that the service is coming from a company that didn’t originally host your domain. You’ll end up transferring ownership of your domain to another company without even realizing you’re changing companies if you don’t pay close attention. This is a practice known as “domain slamming.”

We recommend never doing business with these companies. Make sure to remember which company you used to register your domain, and only respond to that company. If you want to switch your domain registration to another company, only respond to that company after you make the switch. Don’t change companies because of an email or letter in the mail.

SEO scams

SEO scams are particularly ironic. Scammers will typically use search engines to discover websites they haven’t contacted before, and then they’ll send an email claiming to be an SEO expert who can help you improve your recognition on search engines. See the irony? They wouldn’t have found you in the first place if you weren’t already performing well enough for them to locate you through search engines.

These types of scams are especially dangerous, because you don’t want to give a scam company access to log into your website. At best, they might do a bad job of optimizing it for search engines. But they could also take the entire site ransom or infect it with malware. Avoid these scams at all costs.

Other less common scams

The two scams above are the most common, but other scams also exist. Sometimes scammers will offer to buy your domain or sell you domains similar to the one you already own. Scammers also sometimes promise “trademark protection,” claiming other people have bought domain names you have trademarked.

What steps can you take to prevent getting scammed?

You can take several steps to prevent these scammers from taking advantage of you.

First, enable domain privacy protection. This will prevent scammers from having a way to contact you through the mail, and will potentially limit some email-based domain renewal scams as well.

Second, use a CAPTCHA on your contact forms. We shared this tip before when we provided tips for limiting spam from your website’s comments, but a CAPTCHA is also useful on contact forms for the same reason.

Third, be skeptical any time you receive a direct solicitation that you haven’t specifically requested. Think of cold emails and mailers with the same level of skepticism you would have for a door-to-door salesman or telemarketer. They’re not all bad, but you always want to be on high alert. When someone reaches out to you directly, you have no way to verify their validity, integrity, or quality. It could be an honest person trying to make a sale, but it could also be someone who can’t find business any other way, or even worse, a scammer.