I donâ€™t typically get a lot of mail; all of my major bills and alerts are sent to me via email. The bulk of the physical mail I get is comprised of newsletters, catalogues and mail for people whoâ€™ve previously lived at my place. When I received a light beige envelope resembling those the government uses for their notices, I was a little curious. Was the government sending me news that I was eligible for a new tax credit?
The senderâ€™s address was Domain Registry of Canada and it looked very official with an image of a maple leaf next to their address:
One thing stood out to me about my address; I noticed that my last name was misspelled – and not just the usual all-one-word mistake, either.
I opened up the letter and found this:
I have to say, I was pretty confused. Why was I getting a domain renewal notice from someone other than my registrar? Why was I being contacted – by mail, no less – aboutÂ a domain thatâ€™s due to be renewed in December of this year? And why oh why was the renewal price $40.00 when the cost is typically around $11?
The domain in question is one I use for testing purposes and one I havenâ€™t used in some time. I wondered how Domain Registry of Canada obtained my mailing address and then I realized my mistake: I likely did not set the WHOIS information on that domain to the privacy settings that I usually do.
A quick search confirmed my suspicions; my forgetfulness had resulted in my information being made public, letting Domain Registry of Canada (and others like them) harvest my address to send me their letters.
I logged into the necessary account and updated the WHOIS information for that domain to ensure that my information was no longer visible. I then visited the Domain Registry of Canada website. (I wonâ€™t be linking to them from here so as not to send them any traffic.)
Their website is pretty simple and has the usual pages you would expect a registrar to have – Register a domain, Renew your domain, Search Engine submission, amongst others. With the red colours and Canadian flag as part of their header, I can see why people would think they were an official government site.
I then did a Google search for â€œDomain Registry of Canadaâ€ + â€œscamâ€ and sure enough, there were several results. Most of the them were blog posts and articles from people who had lost money as a result of receiving a letter similar to the one I got today. Other articles outlined the stories of people who lost their websites because they unknowingly transferred the site to Domain Registry of Canada. The Better Business Bureau also had a listing for the registrar and not surprisingly, there have been a number of complaints against the company.
What really made me pause when I first read the letter was that I thought it had to do with the domain for this site – which is, as you can see, .ca. All Canadian domains (.ca) are managed by the Canadian Internet Registration Authority (CIRA). Â When I received the quasi-offical looking envelope, I assumed that it was from CIRA. Of course, thatâ€™s what Domain Registry of Canada hoped for, that i would be unsure and make a decision without fully checking things out.
The company itself is a legitimate – albeit a very expensive – registrar. Theyâ€™re providing services at triple the price they typically are elsewhere. They even included a self-addressed envelope to facilitate the payment reaching them quickly. It was a very thorough and well done direct mail attempt at scamming me.
How can you avoid falling for this type of scam?
- Online or offline – be vigilant. If you get a notice like this out of the blue, don’t be afraid to question it. If someone else maintains your site, reach out to them to get their opinion.
- Keep the WHOIS information for your site private. This will ensure that your information isnâ€™t available to be found by companies like this.
- Keep your domain locked. This will help prevent a company like Domain Registry of Canada from transferring it away from you.
- Donâ€™t be afraid to do a little research. A quick Google search can help you gauge what kind of company it is.
- Donâ€™t pay the invoice just because it looks like an official invoice.
- Remember – an average domain renewal ranges from $11 – $14 depending on the extension. Anything beyond that is suspicious.
Got any other tips on how to handle scammers like this online? Leave a comment below or shoot me a message.