Domain name scams: what identity teams need to watch for

TL;DR: Domain name scams use fake invoices, renewal notices, appraisal requests, and transfer pressure to trick businesses into paying fraudsters or handing over control of a legitimate domain, according to DigiCert. The pattern matters because the attack succeeds by exploiting trust in domain identity, not just email hygiene.

NHIMG editorial — based on content published by DigiCert: Common Domain Name Scams and How to Avoid Them

By the numbers:

• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

Questions worth separating out

Q: How should security teams verify domain renewal requests before paying them?

A: Teams should verify every domain renewal request by going directly to the registrar portal, checking the account status, and confirming the request with a known internal owner before any payment is approved.

Q: Why do domain name scams still work against well-run businesses?

A: They work because they exploit urgency, authority, and routine administration.

Q: What breaks when domain locking is not enabled on important domains?

A: Without domain locking, a fraudulent transfer request can become a real registrar change far too easily.

Practitioner guidance

• Verify registrar requests out of band Require staff to confirm any renewal, transfer, or appraisal request by logging directly into the registrar account and checking the request status there.
• Lock critical domains and protect registrar access Enable domain locking, enforce MFA on registrar accounts, and restrict who can approve domain changes.
• Review WHOIS exposure and trademark coverage Check WHOIS records for accuracy, reduce unnecessary public exposure where possible, and register key related domains before attackers can use lookalike registrations to confuse customers or support fraud.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

• Examples of the five scam types and the exact wording patterns used in fake notices
• Step-by-step advice for checking renewal, transfer, and appraisal requests safely
• Practical domain protection steps for businesses that manage multiple registrations
• Additional context on DNS Made Easy and DigiCert's related DNS security services

👉 Read DigiCert's guide to common domain name scams and avoidance steps →

Domain name scams: what identity teams need to watch for?

Explore further

View Full Forum →  |  NHI Foundation Course →