Online fraud – what could happen if you don’t renew your domain
We are all aware of increased cyber fraud and the irreparable damage it can do. In today’s always-online world, it is crucial to make sure that you don’t leave yourself open to being scammed.
This can happen if you are using an email address linked to a lapsed domain name, on third party websites like Facebook, Paypal, Amazon and others.
In this blog, we outline the risks associated with not renewing your domain name.
1. You could get hacked!
If your recovery email address for accounts on third party sites is the one connected to your lapsed domain, a bad actor has the ability to hijack your account on the third party service by requesting a password recovery. This could result in some very serious consequences.
- You could be defrauded out of your money. This poses a particular risk if the bad actor gets access to any of your third party accounts that involve e-commerce or financial transactions.
- There’s a risk of reputational damage to you personally or to your organisation. A bad actor could take control of your website or social media channels and post inappropriate content such as racial slurs, personal abuse, obscene content and it would appear to the whole world as originating from you.
Let’s look at an example. We’ll take exampledomain.ie to explain the situation.
- The owner decided not to renew their domain.
- At later point, a bad actor, using information available on the dark net, was able to find the various email addresses that were connected to the domain previously e.g. firstname.lastname@example.org, email@example.com, firstname.lastname@example.org. These details may have been part of previous data leaks on third party websites. The bad actor can easily check this data leak to see if these email addresses are used as recovery emails on third-party websites, platforms or social media accounts.
- The bad actor registers your previously owned domain name (this is less of an issue on .ie domains as we verify applicants, but it can still happen from time to time). The bad actor uses the password recovery email to reset the account and gain access. The bad actor now has control of your account and you are locked out. They can now make purchases using the funds in your account.
2. Domains are valuable – don’t give that away
If you have a website on your domain, it has value, particularly if it is an old domain, if it is in a specific niche and it has built up backlinks. Backlinks from authoritative websites can cost between €400 and €800 each. You don’t want to hand that value to a competitor. People regularly check for domains that have not been renewed and if they have domain authority they will purchase it and redirect it to another website. The best advice is to renew the domain, even if it is not actively used. At a future point, it can be used for a related business venture or indeed, sold to someone who has use for it.
Top tips to avoid online fraud – if you still want to delete your domain
If you decide not to renew your domain name, here are our top tips:
- Think before you delete. Make sure you have considered all of the associated risks – cyber, commercial, lost SEO and reputational – before you go ahead. Sure, you might save the domain renewal fee, but are the risks really worth it?
- Leave no trace. If you do decide not to renew your domain, it’s critical that you delete email addresses related to this domain.
- Inform others about your new working email address. Update any third party websites and/or online subscriptions that used the now deleted email address.
- Check your bank account’s recovery email.
- Check your social media contact details.
- Check reservation systems for your various online accounts – especially ones that you are using infrequently.
Otherwise, you leave yourself open scammed. Don’t be the ‘one’.
Changed your mind? How to renew your domain name
Check out our Renew your domain page where we outline the straightforward renewal process.
Mick Begley is our Chief Information Officer.