Hosting fraud is a little less common. Normally, people have a little more of a personal relationship with their hosting provider so it makes it tougher for people to get scammed.

Below is an example of hosting fraud a few of our clients have received:

From: domainsupport@core.com
Sent: 12/7/2009 10:56:57 A.M. Eastern Standard Time
Subj: Important Notice Affecting Your Website

Dear Valued Customer,

We are currently upgrading our systems to provide better quality and reliability for our web hosting customers. Your website superiorservicesrsh.com is currently scheduled to be moved to a new server on December 11th. We will keep a copy of your website on its current server for one month following this date.

Our records show that you are not using CoreComm\'s nameservers. Please contact your current domain service provider and give them your website\'s new IP address: 169.207.67.113. They should point your domain name to this IP address beginning on December 11th. *** This change must be made for you to continue to update your website. Additionally, your website may be inaccessible after January 15th if this change has not been made by that time. ***

During this transition, we will be upgrading our customer management system and must provide you with new login information. Please call us at 1-877-890-5310 to ensure you can access your account after December 11th.

Thank you for your continued patronage with CoreComm Business Services, and we encourage you to respond to this email with any questions or concerns you may have, or call us at 1-877-890-5310.

Thank you,
CoreComm Business Services Department
 DomainSupport@core.com
 1-877-890-2310

If you receive an email like this don’t panic! You should probably keep a file for who your hosting partner is and where your domain is registered. In the above client’s case, we obviously host their servers (and not CoreComm) and their domain is registered through Godaddy. If you know that, and you get an email or snail mail telling you to reregister or change your IP settings, you can immediately put it down as nonsense. In this case, our client knew that we handled all this stuff and figured that it was a little fishy that we would be sending them an email demanding they go and play with their DNS settings. However, some of these guys are a little trickier than even that.

What they’ll do is send you a fake email from Godaddy (or even an official looking letter in the mail) saying something like, “click here to update your account settings.” This will take you to a site that looks completely legitimate – something like http://godaddy.registerering.com (notice the creative spelling) – make it a new habit that whenever you enter a password or credit card number to check the address bar. This is how web addresses should look:

Protocol://subdomain.main-domain.top-level-domain

For example: http://www.sourcetoad.com

Or http://support.sourcetoad.com

Let’s break these pieces up and look at them individually:

http:// (hypertext transfer protocol – nothing you’ll have to worry about)

www or subdomain – most commonly you’ll see www here, but often it might be a subdomain – whatever is before the last dot (.) in the address will be the main domain – i.e. whatever is in front of the .com or .net is the main website. Subdomains can be whatever the person who owns the site wants – but the main domain has to be registered and approved.

So in the example http://godaddy.registerering.com - registerering.com is the main site – and Godaddy is just the subdomain.

What you can do to avoid domain and hosting scams:

1. Make it a habit that when you enter a password or credit card number on a site to have a quick glance at the address bar – make sure you’re not on a fake website.

2. Don’t use a cheap dime-a-dozen hosting company for your web and email needs. Try and find someplace that will have a project manager who actually knows your name and can’t be defrauded themselves. Paying an extra $10-15 a month to have someone who is actually responsible for your online presence is well worth it.

3. If you’re unsure, call your hosting provider. Use the number on their website, not the one on the email you just received. If you do happen to use one of the discount warehouse style hosting companies, type the Subject line or the From line of the email into Google. More often than not, someone has posted a warning about them.

4. Be careful of anything coming from the following: They make these kinds of solicitations all the time:

a. Domain Registry of America (DROA)

b. Internet Registry of Canada (IROC)

c. Internet Registry of America (IROA)

d. Verisign/Network Solutions

5. As weird as it sounds, don’t trust anything that comes to you in the mail about your domain. Domains normally cost the provider around $10 a year, and they’re not going to eat into tiny margins with the cost of postage.

My final, and probably best piece of advice is to be suspicious first. The Internet is full of bad people doing bad things. I don’t mean to scare you, but if you take the stance that everyone is out to get you, then you’ll be extremely skeptical of anything that is sent asking you to play with settings or send money.