Domains play a quintessential role in all online transactions and services. What is their significance in online scams, and how to keep domains secure? Pay attention to a few small details and you’ll be able to tell scams and legit websites apart!
Domains of Many Kinds
Nowadays, instead of typing the domain (such as seravo.com) to the address bar of an internet browser, one might have the habit of typing it into a search engine and click its results instead.
Considering cybersecurity, the situation is less than ideal. The link or advertisement in the search results may not lead to a genuine site, but to a legit-looking scam site that may attempt to steal your data.
It’s often said that one should be wary of any malicious links which may also lead you to a fake website. How to be able to spot whether or not something is a scam? A suspicious domain can help you recognize a spoofed website.
What Is a Domain?
Domain – Visible on the address bar of your browser, such as seravo.com.
Top-level domain (TLD) – The latter part of domains (such as .com, .org, .net).
Imagine this: you’re typing something on the address bar but get distracted, and now the domain you entered contains a mistake. Thanks to this typo, you may end up visiting a completely different website than you intended, one set up by an online scammer. The scammers may also try to break into third-party services (such as DNS) to redirect your visitors to a potentially malicious website they have crafted.
Online Scams Are More Common than You Think
While spotting an online scam may be difficult, typing the correct domain on the browser’s address bar is essential in ensuring you won’t be the next victim of a scam.
- Watch out for messages and other unexpected communications that ask you to take action or contain links.
- Ensure that any messages are actually coming from where they are supposed to. Access and log in to websites securely: type the domain to your browser’s address bar, or use a bookmark you have saved. Do not use links provided by search engines. If the online service has a dedicated application, use it.
- Warn others: your family, friends and colleagues. Report any scams to the relevant authorities.
Spotting a Scam Isn’t Easy
For example, website owners may receive blackmail messages claiming that their site has been hacked. Typically these messages demand payment to prevent data leaks or other unpleasant actions. These scams are however poorly executed, as they put the site’s security under closer scrutiny. Once the site is scanned for anomalies, it may soon be discovered that the scammer’s claims are unfounded and that no security breach has actually occurred. Seravo’s WordPress experts are trained to identify online scams.
At Seravo, every website is scanned daily for security breaches, but we also check suspicious messages on our customers’ behalf. As Seravo’s customer, you don’t have to be alone and wonder whether or not an incoming message is a scam: we check the message and investigate your site, so you can be sure that your site remains secure.
Dangers of Third-Party Services
Far more insidious is a data breach that no one notices – at least not right away. If your site is using third-party services, they may be a good target for any bot seeking to breach your online service. External resources, services and integrations are not necessarily included in day-to-day routines, or even worse – keeping an eye on them is not anyone’s responsibility. From the viewpoint of a WordPress website, third-party services may include website analytics, social media integrations or marketing tools, such as newsletter delivery services.
How to assess the security of a third-party service? It’s crucial to pay attention to user credentials when determining whether they’re secure or not. Is the password strong enough? Is two-factor or multi-factor (2FA, MFA) authentication available and enabled? Can you use SSO (single-sign on)?
Keeping passwords secure is a fundamental pillar of information security. Stay up to date on WordPress security by reading our previous blog posts!
Identify Scam Sites
Unfortunately, scam sites can be so carefully crafted that it is extremely difficult, if not impossible, to tell one from the other. In a hurry or under pressure, even the trained eye can mistake the site that pops up in front of you. To protect yourself from scams, consider at least these things:
- Does the site look odd in any way?
- Does the address bar show the correct domain?
- Does the domain match what is shown in search engine results?
- Is the connection secured with HTTPS?
Tips for Registering Domains
In conclusion, domains play an important role in everyday operations of any business. Due to their importance, they can be utilized in cyber attacks in various ways.
When registering a domain, should you go for a short or long one? Concise domains may be easier to type, but on the other hand, remembering abbreviations can be tricky. Then again, domains that are too long should be avoided as they’re difficult and time-consuming to type. The ideal domain should therefore be easy to remember and write.
How many domains should be registered, and how many domains does a business really need? It may have been advisable to register all possible TLDs back when only a handful of them existed. One thing to consider is the threat of a scammer registering a domain that resembles your actual domain, and another is to consider the domains’ prices. The cost of keeping a domain registered varies widely, and registering many domains can be pricey.
Decide the Scope
Think about the market your business is in, and register the domains that are geographically relevant. If your company operates in the Nordic countries, it would be a good idea to register country-coded TLDs such as .no, .fi, .se and .dk, for example.
Country code top-level TLDs (ccTLDs) have varying conditions for how and who is able to register them. For example, in order to register a Canadian domain (.ca), it is required that your business is actually conducting business in Canada.
Focus on the Essentials
As illustrated by this listing from IANA, there are nowadays more than a thousand top-level domains. One should register at least the most popular ones, such as .com, .net and .org.
It’s also a good idea to go through the top-level domains and select those that are relevant to your business or expertise. For example, .io and .email are essential choices when working in the IT sector, while .health and .beauty are more relevant for a beauty parlour.
Wise Up to Mistakes
If the name of your business is easy to misspell, it may be a good idea to register some of the most common typos or mistakes your users or visitors could end up making. For example The Best Company Ltd would of course register the domain thebestcompanyltd.com, but also bestcompanyltd.com. If the business name is an abbrevation, the risk of misspelling its domain increases. It may be a good idea to consider which letters are close to one another on a keyboard or sound the same over the phone. If you’re running a business, chances are you can think of some examples already!
However, don’t get too carried away with registering all possible misspellings or all the TLDs. Focus on the most common errors and the domains that are the most likely mistakes your customers could make. Even better, find a test audience and run some user tests to observe how your website is used to recognize the most common typos and navigation errros.
Seravo’s Hosting Plan Includes It All
At Seravo, one domain is always included in the price of a WordPress hosting plan, and additional domains can be registered for a small fee. We automatically renew your domains, so you don’t have to worry about their expiration. If you are already a customer and would like to register an additional domain for your WordPress site, you can also contact us and we’ll take care of it for you. Registering a new domain will be a snap!
Looking to maintain a domain only, without hosting? We recommend our partner Domainkeskus to get started cost-effectively and reliably!
Life Cycle of a Domain
What to do when a domain is expiring? You can always register new domains and let old ones expire, if you no longer need them. Once a domain expires however, there is a risk that it ends up being registered by someone else, and used for something else entirely, be it for legitimate or malicious purposes.
The more long-lived and well-known a domain is, the more trustworthy it can be in the eyes of search engines. In other words, a long-lived and trusted domain is better for search engine optimisation (SEO.) Keep this in mind when registering domains, and when letting expired ones go!
Subdomains
Instead of registering a domain for your sales or marketing campaign only temporarily, consider using a subdomain instead. The advantage of a subdomain is that you only need to configure it – no registration or payment needed. What’s more, you don’t have to worry about its expiry date either. The only thing you have to remember is to redirect the subdomain’s traffic back to your main site once the campaign has ended. Of course, Seravo is able to assist you with all the necessary subdomain configuration and its redirection – all included in the plan!
Beware of Domain Scams
Got a shady phone call claiming that a foreign company or entity intends to register domains that are almost identical to those used by your business? Online scams are almost as old as the internet, and this is a typical domain scam that’s known across the globe.
In a domain scam like this, the owner of the domain is persuaded to buy and register additional domains, even if their registration is not compulsory, or at least not as important or urgent as the phone call suggests.
It is always recommended to register and maintain your domains via a trustworthy registrar, and to dismiss such phone calls or emails.
How to Deregister a Domain
Did your domain expire, and was it taken over by someone else? Is the new owner infringing your copyright or trademark? Deactivating a domain name can be a lengthy process, but is possible.
Has a domain you own expired and been taken over by someone else? Is there a domain registered under your company name or protected trademark that is directing visitors to a malicious site? Deactivating a domain name can be a lengthy process, but it is possible. If all else fails, you can submit a complaint to ICANN to report domain abuse.
Automatic Domain Renewal – All the Essentials for Your Domain and WordPress
At Seravo, registration and maintenance of one domain is always included in the price of a hosting plan. Additional domains can also be added to the plan for an additional fee. The price covers all fees for the domain’s maintenance, SSL/TLS certificate as well as automatic renewal as long as your site is hosted at Seravo.
Even some famous online services have been taken offline without an automatic domain renewal. Let Seravo take care of your domains and you get to focus in building your site!
When placing an order for a hosting plan, just mention them on the order form. If the domain is not registered, we will register it for you when processing your order. If the domain is already registered and managed elsewhere, you can transfer it to Seravo by sending us the necessary information for the domain transfer via the order form or by e-mail.
Suspecting a Scam? Here’s What to Do
Did you receive a suspicious message about your website, or do you suspect you were the target of a domain name scam? Do you have any other questions about the security of your site? Contact us any time at help@seravo.com, we’ll ensure your website and domain are secured!