SSL Certificate and Domain Transfer Scams – How to Identify Them

11-2-2017 2-53-27 PM
This article will help you spot scams which often come in the form of phishing emails or less often as phone calls.


If something seems suspicious. Trust your gut feeling. It probably is a scam. Scammers are getting more and more sophisticated, in attempts to get the less cautious to not only hand over personal and company information, but to gain access and control over your SSL certificates and Domain assets. They can gain much public information just from doing a search on the Internet with any of the “Whois” domain search engines. It is often left to you to pick up on the signs that something is not right by using common sense.

How to Identify and Avoid being Scammed

  • You should know which company is your domain registrar, and issuer of your SSL certificates. It will be the same company you have initially purchased them from unless you have made changes away from them yourself. Your SSL certificates do not need to be issued by the same company that you registered your domain with. So it is important to keep track of this information.

11-2-2017 2-54-10 PM

  • Emails from scammers can look extremely legit, and official, but do not let that fool you, look for the signs, and confirm the information yourself if needed. Never respond to or engage the scammers. Once they know there is a real person at the other end it will open up the potential for even more problems. Often these scams can come in the form of emails, phone calls and even letter mail. They will indicate that your domain or SSL certificate is expiring and in order to avoid losing them you must urgently renew them immediately, they also tend to quote pricing which is much higher than what you are actually paying. The underlying process that they are trying to accomplish is to get you to actually transfer them your Domain and/or SSL certificates under false pretense. If you were to actually do this, you would be giving them full control over your domain, including DNS records which control your email, and your websites, and more. Also, let’s not forget that these scammers are also after your credit card information. So be very cautious.
  • Use the tools available to you. They are the same tools that the scammers are using to check your information. The “Whois” searches will provide them with contact information, and expiry dates of domain, and much more depending on which tools that are used. One way to proactively protect against this is to pay your Domain registrar a little extra for Domain Privacy. This will essentially block much of your domain information from being publicly available.


The Bottom Line:

Buyers beware. Never provide your credit card information or your Administration access to anyone who claims to be your Domain Registrar or SSL certificate issuer. Always check the facts first. Do your own research to confirm the facts. It is better to be safe than sorry! Often you will have plenty of time to verify the facts of expiry and who the real providers are. They will often give you fair notice well in advance and not at the last minute. It is extremely important to know when your domains are going to expire.
11-2-2017 2-57-49 PM
Here is a scenario that actually happened.  The email address of the domain holder changed so he didn’t get his notices.  The domain expired.  A domain company caught this and registered it.   The business is now being asked for $2,500 in ransom to repurchase the domain.  Just another example of how scammers can exploit your business and steal your money, and much more.
Lastly, remember, never click on any links that they provide in emails. (You can often confirm those links are fake by hovering above them).
Paul Comtois is a Client Support Specialist at Triella, a technology consulting company specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium sized firms. Paul can be reached at 647.426.1004. For additional articles, go to Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Webroot Reseller.
© 2018 by Triella Corp. All rights reserved. Reproduction with credit is permitted.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Follow us
Subscribe to our newsletter