If your inbox has ever flashed an urgent domain renewal bill with a countdown timer and a handy pay now button, you have seen the playbook. Scammers send professional-looking invoices and notices that mimic registrars, web hosts or even government bodies. The goal is simple: get you to pay a fake bill or sign in on a look-alike site so they can move your domain. When a domain moves, your email, website, and brand equity are suddenly at someone else’s mercy. The good news is you can shut this down with a few habits and two simple settings.
How the scam actually works
It starts with a scary subject line and a familiar logo. The email references your real domain and an expiry date that looks plausible. The link points to a site that copies your registrar’s style, or the invoice asks for a bank transfer to a new account. If you pay, the money is gone. If you sign in on their page, they use your credentials to change the registrant email, unlock the domain, and push a transfer. Once that happens, getting a domain back can be slow and stressful.
Three red flags you can spot in seconds
Red flag 1: The sender and the domain do not match
Look past the display name. If your real registrar is ExampleRegistrar.com, the email should come from that exact domain, and the link should end with that exact domain. Close is not enough. Examples like example-renewals.net or example-support.info are a tell.
Red flag 2: Urgent payment instructions that skip your usual process
Real registrars let you sign in and pay by card on file. Scams nudge you to a direct bank transfer or a new payment portal you have never used. Any message that insists on paying today by transfer is lining you up.
Red flag 3: Threats of suspension plus freebies you never asked for
Scams love pressure. They warn of immediate suspension or promise search engine submissions and brand protection with your renewal. Registrars do not bundle mystery services into a last-minute invoice.
Two settings that prevent most domain disasters
Auto-renew keeps you out of the panic zone
Turn on auto-renew at your registrar and keep a valid card on file. Auto-renew does exactly what it says: renews your domain before expiry, so you are not relying on inbox vigilance. If a scam invoice lands, you already know the real renewal will happen automatically inside your account.
Registrar lock stops unauthorised transfers
A locked domain cannot be transferred or have key details changed without unlocking it first. Leave the lock on all the time. Unlock only when you are deliberately moving the domain, then re-lock the moment you are done. Think of it as a steering wheel lock for your brand.
Your one-minute ownership check
You can do this right now without phoning anyone.
- Sign in to your registrar directly by typing the address you already know. Do not use links in emails.
- Open the domain’s settings page. Confirm three things: the correct registrant contact email, the expiry date, and that auto-renew is enabled.
- Check that the domain is locked. The status should read locked or clientTransferProhibited.
- Optional but smart: confirm the nameservers are the ones you expect for your website and email.
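The lock, expiry and nameserver checks above can also be run against the domain's public RDAP registration record. This is an added example, not part of the original article: the RDAP response is constructed, and `audit_domain` and the nameserver names are hypothetical. Registrant email and auto-renew are not reliably visible in public data, so confirm those inside the registrar account.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style response (RFC 9083 field names); not real registry data.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "yourcompany.example",
  "status": ["client transfer prohibited", "client update prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2019-05-02T10:15:00Z"},
    {"eventAction": "expiration", "eventDate": "2026-05-02T10:15:00Z"}
  ],
  "nameservers": [
    {"ldhName": "NS1.HOST.EXAMPLE"},
    {"ldhName": "ns2.host.example"}
  ]
}
""")

def audit_domain(rdap, expected_ns, now, warn_days=30):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    # RDAP spells the EPP code clientTransferProhibited with spaces.
    statuses = {s.lower() for s in rdap.get("status", [])}
    if "client transfer prohibited" not in statuses:
        findings.append("transfer lock is OFF")
    expiry = next((e["eventDate"] for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration event in response")
    else:
        exp = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        days_left = (exp - now).days
        if days_left < warn_days:
            findings.append(f"expires in {days_left} days")
    # Hostnames are case-insensitive; a trailing dot is equivalent.
    actual = {n["ldhName"].lower().rstrip(".") for n in rdap.get("nameservers", [])}
    wanted = {n.lower().rstrip(".") for n in expected_ns}
    if actual != wanted:
        findings.append(f"unexpected nameservers: {sorted(actual ^ wanted)}")
    return findings

if __name__ == "__main__":
    now = datetime(2026, 1, 15, tzinfo=timezone.utc)
    expected = ["ns1.host.example", "ns2.host.example"]
    print(audit_domain(SAMPLE_RDAP, expected, now) or "all checks passed")
```

An empty result means the lock is on, expiry is outside the warning window, and the nameservers match the expected set.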
What to do when one of these notices arrives
Pause. Ignore the link. Open your registrar in a fresh tab the way you normally would. If the renewal is due, it will be obvious there. If you are unsure, forward the message to your trusted IT contact and ask for a quick sense check. Never switch bank accounts or pay new invoices based on an email alone. Use a known phone number to confirm any change.
If you already paid or clicked
- Move quickly and keep calm.
- Change the registrar and email account passwords, then turn on multi-factor authentication.
- Check the domain’s contact email, lock status, and transfer status. If anything looks wrong, lock the domain and open a support ticket with your registrar.
- If money was sent by bank transfer, contact your bank immediately to start a recall. The faster you act, the better your chances.
- Tell your web host and email provider so they can watch for suspicious changes.
A quick owner checklist for next time
- Keep the registrar login in a password manager shared with the right people, not in a single inbox.
- Turn on auto-renew and registrar lock for every domain you own.
- Use a role email, such as domains@yourcompany, as the registrant contact so notices are not tied to one person’s mailbox.
- Schedule a six-monthly calendar reminder to sign in and confirm details. It takes two minutes and avoids drama.
What to do next
Request a quick domain health check. We will confirm auto-renew and lock status, tidy up registrant contacts, and make sure the keys to your brand are not hanging on a hook by the front door.


