Getting emails or calls saying someone is making a claim on your web address? Many of these are scams. AusRegistry, the company that operates the .au domain registry on behalf of auDA, has compiled a list for tips to help domain registrants avoid domain name scams.
Here's our annotated version of that list.
1. Keep a record of your domain name expiry date and make sure to renew it when the time comes.
If you actively maintain your domain name registration, you're less likely to be fooled if a less ethical registrar emails you an order form or invoice designed to resemble a simple renewal rather than a transfer away from your current registrar. A variation we've recently seen involves an order form for unspecified 'SEO services' that we think was designed to trick recipients into thinking it was for domain name renewal.
2. Be cautious of requests to provide material to prove you would be the rightful user of a domain name - a scammer could steal this and put it to fraudulent use.
As a general rule, the only party that needs proof of eligibility is the registrar you chose when first registering the domain name. For example, you need to provide your ABN or similar as part of the process of registering a .com.au or .net.au domain name. Any other requests should be treated with scepticism - it probably isn't wise to completely ignore an allegation of trademark infringement or similar, but do make sure that the organisation making the allegation is legitimate and authorised to act on behalf of the trademark owner.
3. Use your common sense and be aware [that] no reputable ISP or email service supplier will ever ask you to send your username and password via email.
That also applies to registrars and your domain password!
4. If you receive unsolicited emails or letters offering investment opportunities, items for sale, or requests to 'connect' - be alert to things like spelling and grammar mistakes and inconsistencies in their stories.
While that is good general advice, it also applies to unexpected messages purportedly from your domain registrar. It is possible that someone is trying to gain control of your domain. Remember that some of the personal or business details relating to a domain name are available to anyone via a whois query, so being addressed by name provides no assurance that the email actually came from your registrar.
5. If you notice a supplier's usual bank account details have changed, call them to confirm.
That's another general tip, but if for some reason you pay for domain name renewal by bank transfer rather than credit card it would be worth checking before remitting to an unfamiliar account. It might be genuine, or it might be that someone's trying to steal your money (unlikely unless you have a large number of domains expiring at the same time) or hoping that interfering in the renewal process will cause your registration to lapse, allowing them to snap up the name for themselves or their clients.