How to Identify and Avoid Domain Phishing Scams

Domain phishing scams look real because they almost are

Imagine this. You’re working through your inbox on a Friday afternoon when an email catches your eye. It looks official. The logo matches, the language feels right and it says your domain will be suspended unless you act today. It even lists your real domain name. You pause for a moment, hovering over the link, wondering if it’s real.

This is how good phishing scams work. They don’t scream for attention; they copy the tone and timing of real communication. They use publicly available information, like your domain and expiry date, to build something convincing. It isn’t spam in the old sense. It’s a mirror of the real thing, designed to find you when you’re busy and least likely to question it.

Why even careful people get caught

The most successful scams don’t rely on tricking the careless. They rely on timing. They appear between client calls, when you’re distracted and just want to clear your to-do list. They use urgency because it works. If they can get you to react fast, they win.

That’s why the best defense isn’t software or filters, it’s awareness. It’s the short pause before you click. A moment to think, “Would my provider really say it like this?”

How to tell what’s real

Real renewal notices come from your actual domain provider, the one you chose when you registered your domain. They refer to your account details and ask you to log in directly. Fake messages avoid specifics and push for action through a link. They make big claims, like losing your website within 24 hours, because fear is faster than logic.

The simplest way to check is to go to the source. Don’t follow the link in the email. Open a new browser tab, type your provider’s address and log in there. If something needs your attention, you’ll see it. If you’re unsure, forward the message to your provider’s support team. They’ll confirm it quickly.

Quick checklist: how to spot a domain phishing scam in 30 seconds

Phishing emails look “almost right” on purpose. Before you click anything, run this quick check. If you spot even one red flag, slow down. Scammers hate a calm person with a keyboard.

Before you click, check:

  • The sender address is truly from the organisation (not just the display name). Look for lookalikes like extra letters, dashes, or weird endings.

  • The Reply-To matches the sender. If Reply-To is different, that’s a classic trick.

  • The email is specific in the right way. Real providers reference your account, not vague threats.

  • The message is pushing urgency or fear. “Suspended today”, “final notice”, “24 hours left” are favourites because panic makes people fast.

  • The link goes where it claims. Hover over the link on desktop (or press and hold on mobile) and check the actual web address.

  • The link does not take you to a login page you weren’t expecting. Especially if it asks for your password straight away.

  • The email asks for something providers do not ask for. Requests for passwords, 2FA codes, payment details, or to “confirm your login” via email are a big no.

  • There’s an unexpected invoice or payment request. Bonus suspicion points if it’s “urgent” and you’ve never seen that billing style before.

  • Attachments are unexpected. “Renewal notice.pdf” is a common disguise for trouble.

  • The tone feels slightly off. Weird grammar, odd phrasing, or formatting that looks copied and pasted can be a clue.

  • It’s trying to move you away from your normal process. “Pay here”, “update now”, “reply with details” instead of “log into your account”.

  • You cannot verify it independently. If you can’t confirm it via a separate channel, treat it as suspicious.

A simple rule that works: if an email is trying to hurry you, it’s probably trying to borrow your money permanently.
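The sender, Reply-To and link items in the checklist can also be checked mechanically when a suspicious message is forwarded to you. The sketch below is an added example, not a tool from this article or from any provider. It assumes your registrar's real domain is `registrar.example`, and the sample message with all of its addresses is constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, trimmed to the parts checked; all names and domains are made up.
SAMPLE = """\
From: "Registrar Billing" <billing@example-registrar-renewals.test>
Reply-To: accounts@mailbox.test

<p>Renew now: <a href="https://login.renew-portal.test/">https://registrar.example/renew</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def addr_domain(header):  # domain of the real address, ignoring the display name
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def host(url):
    return (urlparse(url).hostname or "").lower()

def on_domain(name, domain):  # exact match or a subdomain, never a lookalike
    return name == domain or name.endswith("." + domain)

def red_flags(raw, provider):
    """Checklist items the message fails; provider is your registrar's real domain."""
    msg = message_from_string(raw)
    sender, reply_to = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    page = LinkCollector()
    page.feed(msg.get_payload())
    checks = {
        "sender-not-provider": not on_domain(sender, provider),
        "reply-to-mismatch": bool(reply_to) and reply_to != sender,
        "link-off-provider": any(not on_domain(host(h), provider) for h, _ in page.links),
        "link-text-mismatch": any(t.startswith("http") and host(t) != host(h) for h, t in page.links),
    }
    return [name for name, hit in checks.items() if hit]
```

An empty result only means these four checks passed. The other checklist items, and verifying at the source, still apply.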

What phishing scams look like now

The biggest change is this: phishing emails don’t look dodgy anymore. They look like the messages you already receive, written in the same style, at the same time of day, using the same kind of subject lines. The goal is not to fool your spam filter. The goal is to catch you in a moment when you are busy and slightly impatient.

A few patterns are showing up more often lately:

They copy real brands, then nudge you into a login.

Instead of asking for credit card details upfront, many scams send you to a convincing sign in page. Once they have your email password, they can reset everything else. That is why so many phishing emails look like “account alert”, “security update”, “password expires”, or “domain renewal”.

They use QR codes and mobile friendly tricks.

Some messages avoid links altogether and drop in a QR code, knowing people will scan it on their phone. On mobile it’s harder to see the full web address, harder to spot tiny spelling changes, and easier to just tap through. It feels modern, which is exactly why it works.

They hijack real conversations.

Not every phishing email starts from scratch. Sometimes scammers break into one mailbox, then reply inside an existing email thread. Suddenly the message looks familiar, the tone matches, and it arrives in the middle of a normal conversation. That is when people stop checking the basics.

They go after payments and bank details, not just logins.

Invoice scams are still common, but they have become more patient. They might wait until a routine payment is due, then “update bank details” or “resend the invoice” with a new account number. It looks like admin. It is actually theft with a calendar.

The takeaway is not to become paranoid. It’s to accept that “looks professional” is no longer a safety signal. The safety signal is process: pause, verify at the source, and never let an email be the place where you make account or payment decisions.

Bring your team into the loop

Many phishing attempts arrive in shared inboxes or with people who process routine admin tasks. If one person spots a fake, everyone should know what to look for next time. The same awareness that protects you can protect your whole business.

A short discussion now can prevent an expensive mistake later. Ask your team to slow down before clicking any renewal links, and to double-check the sender’s address. Encourage them to forward anything suspicious to you or your technical contact rather than replying.

Lock your domain and stay in control

Keep your contact details up to date with your registrar so genuine alerts reach you first. Many providers also let you hide your domain information from public records, which helps stop scammers using it.

It’s also worth turning on two-factor authentication if your registrar offers it. That’s the short code you receive on your phone or authenticator app when you log in. It’s a small step that adds a powerful extra layer of protection. Even if someone has your password, they can’t get in without that code.

If something slips through

If you do click a scam link, don’t panic. Close the page, go to your real registrar and change your password straight away. Let them know what happened. They see these situations every day and can help you secure your account before any harm is done.

The key is to act methodically, not quickly. Scammers rely on panic. When you pause and check, their power disappears.

Turn awareness into practice

Knowing the signs is the first step. Sharing them is the second. Most scams fail when even one person in the chain knows how to stop and check.

Run our 20-minute lunch-and-learn with your team. Use the examples, the scripts and our printable one-pager so everyone remembers the lines that keep your store safe.

Staying safe online isn’t just about software. It’s about people who know what to do when something looks off.

Release Notes Newsletter from Asporea Digital

Did you enjoy this read? Release Notes is a newsletter that lands in your inbox once a month with one focused idea, a quick how to, and a tiny check to measure progress. Subscribe to get a monthly note focused on better site management, optimised websites and steps you can take to make your site more secure.

Short reads, real results. 
