Fifteen Logo
blog

The Latest IONOS Scam: Domain Renewal

February 22, 2024

Every day there seems to be a new phishing scam that we all need to be aware of. Scammers are becoming more and more convincing with their sophisticated tactics and it’s not just individuals that can fall victim to these clever phishing scams. Businesses also need to be on the ball with the latest scams and as a digital agency that cares about our clients and the wider community, we feel it’s our duty to keep you updated.

This week, we’ve been made aware of a new type of phishing scam specifically targeting domain customers of IONOS. IONOS are a domain registrar that the Fifteen developers utilise. They offer great service, support and have a wealth of Domains, Top-Level Domains (TLD) and Second-Level Domains (SLD) available. However, they do seem to have been targeted threat actors.

Keep reading to learn all about the latest IONOS scam and how you can avoid falling victim to it.

What’s going on with this IONOS scam?

Quite simply, someone is sending out emails to owners of domain names which are registered with IONOS. The content of the email alludes that the customers domain is about to expire and if they don’t renew quickly, their domains will be lost. As you’d expect, the wording of the email is very strong and is intended to provoke fear and panic. The emails themselves are quite convincing and are fully branded to IONOS normal standard. The wording is also very professional and doesn’t contain the normal spelling and grammatical errors red flags you’d normally see in phishing emails.

What are they trying to achieve?

They’re trying to take your money! The email states that IONOS have attempted to renew your domain but the payment failed and features a button to click which will take you to a renewal payment form. Of course, that money will never make it to IONOS. Chances are, you won’t even be charged the €9.99 they state you need to pay to renew your domain. What is certain though, is that your card details will be sold on the dark web.

How can I stop this IONOS scam?

A domain name has certain publicly available information registered against it, and this is usually in the form of contact details (admin/technical/contact etc.). On this basis, there isn’t a great deal you can do stop receiving the emails, but there are a number of things you can do if you receive such an email to ensure it’s legit:

1. We take care of your domain

The first thing to note is that if you’re a client of ours, we take care of your domain and you shouldn’t receive any payment requests from IONOS. We take care of this for you. So if you receive an email like we’ve described above, it’s more than likely a scam and you should ignore it. If you’re unsure, you can contact us for more advice.

2. Check your domain renewal date

In the examples we’ve had visibility of, the domain name(s) in question are not near their renewal date, so it’s important to know when your domain renewal date is. You can use a website like Domain Tools to check your actual renewal date and perform a ‘whois’ lookup. Simply enter your domain name and then in the return information, look for your “expiry date” or “renewal date”.

3. Check the ‘FROM’ address in the email

If you receive a IONOS scam email, check the ‘FROM’ address because at first glance, it might look like a legit email address but generally, when you look deeper it can be pretty obvious that it’s a phishing email. In Gmail for example, you can click the 3 dots at the top right of the email and click ‘show original’. What you see here might look like nonsense but search for the word ‘from’ and it might just show you the actual email address the email is coming from.

4. Check the payment link

It’s very important to not click any links within the phishing email. Instead, hover your mouse over the payment button and your browser will usually show you the link in the bottom right or left hand side of your screen. One of the scam payment URLs we have seen looks like the below.

hxxps://ionos-secure-manager-pmiv8.ampfibian.co.nz/ml/?domain=yourdomain.com&[email protected]

5. If in doubt, don’t do anything

If it doesn’t feel right, it probably isn’t! If you’re unsure, you can forward the email over to our Technical Director, Sam, [email protected] and he can give you more advice and very quickly tell you if the email is legit or not.

Speak to our experts for more advice

We hope we’ve provided you with more insight in to this latest IONOS scam. If there’s anything you takeaway from this, it’s to not act if you receive a domain renewal phishing email and contact the experts here at Fifteen for more advice. Alternatively, you can check out some resources on this subject IONOS website.

Share

GET MORE

WANT REGULAR BLOG UPDATES TO YOUR INBOX?

Stay on top of your digital game with our blog updates.

Newsletter
More posts

OTHER BLOGS YOU MAY WANT TO READ...

Get a free, INSTANT SEO audit of your website – discover how well your site is performing on Google