Scam Alert: Domain name ‘quotes’ disguised as invoices


If you’ve ever registered a domain name (your website address eg online you’ve probably noticed soon after you’ll receive a large amount of unsolicited emails from all around the world for individuals or businesses offering their services.

Leaving valid contact information is a required part of ICANN’s WHOIS policy, but unfortunately this leaves your contact information open for anyone to access. Most of the time these will be offers for work or services and are pretty easy to ignore, but several times now I’ve come across what is basically a very clever scam designed to take advantage of business owners.

Here is how it works…

  • Your business has an existing domain name, let’s use the example of
  • A company sends you an unsolicited quote, that is designed to look like an invoice for a similar domain name, or a slightly misspelled version of the real domain. For example,,
  • Someone from your company gets the unsolicited quote, assumes it’s an invoice for the existing domain name, and makes the payment.

Often the prices for these domain name variations are exorbitantly expensive, and instead of paying the standard $10 – $30 per year that most top level domains cost to register, the amount if for a much higher amount, such as $300 for two years.

It’s quite a clever little scam, because the shady businesses involved in the practice are technically doing nothing wrong. They send through a quote, designed to look more like an invoice for an existing service, and the scam relies 100% on someone from the business not picking up the domain name difference. This ‘quote’ is often sent directly to reception, or the finance department and looks like any other invoice they might receive – to the non-technical minded it looks completely legitimate.

Keep in mind there is a real reason to consider purchasing these additional domain names. It’s a (usually) inexpensive way to cover your bases if a customer isn’t sure if your website is a .com, .net or similar . If your business has a name that could be easily misspelled then it’s also a smart idea to consider purchasing additional domain names to account for user error from your customers.

So how do you protect yourself against this scam? It’s quite easy. Check any invoices for domains that your business receives. These should be only from the current registrar from the domain, and take the time to check the domain name is actually the one you own, and not a variation. If anyone at the business receives an invoice for a domain, run it by your web developer or IT team to get confirmation it’s legitimate.