QUESTIONS FROM BUSINESS OWNERS

Is this email or call I got about my website legitimate, or is it a scam?

Posted on
how to avoid scams targeting website owners

Scam emails, phone calls, and letters are on the rise. As businesses get serious about their web presence, scammers see opportunities to deceive or take advantage of us. I don’t want you to fall victim to these scammers!

Common scams include:

  • Telling you there’s a problem with your website and they can fix it
  • Promising traffic or top placement in search results
  • Warning you that your google listing won’t be visible unless you pay them
  • Physical mail disguised as a bill for your domain name
  • Robocall claiming to be from Google, an employee, or official partner of Google

All of these are 100% scams.

Ways to identify scammers:

Scam emails often use poor English. Very often, the bottom tier of scammers send emails filled with typos, odd word choice, poor grammar, and false names that just… sound a little off. (I think the strangest scammer name I’ve heard was “Prince Toe,” who claimed he wanted me to build him a website.)

They try to pressure you with a deadline. Scammers (especially on the phone) tend to give dates and tell you that your listing is expiring soon and your website will not be visible unless you give them money by a certain date. They want you to be off balance and act before thinking it over or asking your website professional.

For example, here’s a picture a client sent me of a letter she got in the mail, asking if it was legitimate. It is disguised as a bill for her domain name, and uses time pressure and official-sounding language and imagery to get her to send them money:

A scam letter in the wild.

In the fine print (on the reverse, not pictured), they are legally required to confess that it’s not a bill for your domain name. But it seems intended to represent that it is. And take a look at the amount of the bill– $289! For reference, domain names are usually about ~$10 per year. So not only are these guys liars, they’re greedy liars.

There’s actually worse examples, too– some of them will actually get you to transfer your domain name to them and charge you extortionate prices! At least the above scammer is just charging for a useless “directory listing,” if they deliver anything at all.

Scammers often call on the phone with automated, robotic voices or sometimes realistic recordings. Sometimes the robotic voices are reading a script with non-standard english, and more sophisticated scammers use realistic voices (some even program in “ums” and “ahs”!) Scammers can disguise the call as if it’s coming from any phone number, likely one in your area code, or sometimes from random cities all over the US.

They may claim they are affiliated with Google. Google will never call you unsolicited.

They often promise things they can’t guarantee regarding search engine rankings. Many claim they can get you to the #1 position on Google search results for your desired keywords– but no one can really guarantee that. Legitimate SEOs will give you realistic expectations.

What should you do if you’re contacted by a potential scammer?

Chances are, if it seems suspicious, it isn’t legitimate. If it’s an email, don’t reply to the email, not even if it says “Reply ‘stop’ to be taken off the list.” That just tells them that your email address is active and you will get more emails in the future. If it’s a phone call, hang up. If it’s a physical piece of mail, shred any personal details before discarding it.

If you’ve been contacted and you’re not sure if it’s a scam or legit, contact your web professional. If you’re a website care plan customer of mine, I am always happy to help.

I would rather answer a million emails asking “is this legit or not,” than for these dishonest thieves to get single red cent out of you.

What if it’s a real email?

Sometimes, you might get emails from a web host or domain name registrar and you’re not sure if it’s a real bill, an upsell to a legitimate service, a scammer, or an unneeded service that you forgot to cancel. It can be really hard to tell the difference!

If you get an email from someone saying they are your registrar saying your domain name is expiring, or your web hosting needs payment, don’t ignore it. Check your records to see through whom your domain name is registered or who your web host is.

If you’re not sure who your domain name registrar or web host is, try searching your email archives for the phrase “domain name” or “web hosting”. You can also use online tools to look up your registrar, like this lookup tool. (Or, if I’m your web designer, just ask me for help finding this info.)

If your domain name expires, it can be difficult to get back, if you can at all. Some people make money by buying up expired domains and reselling them at thousands of dollars.

Your domain name is how customers actually find your website, so it’s important to maintain control of it. If you’re not sure if an email is from who it claims to be, don’t click the link in the email itself– navigate to the registrar’s website directly and see if there’s something that needs your attention.

If you lose your domain name, you have to start from scratch building your reputation up with Google. And your customers may be directed to an error page, or a notice that the domain is for sale. So when in doubt, ask!

In a similar vein, web hosting is the only way your website is made available on the internet. If the web hosting bill goes unpaid, visitors may see an error page, or even a notice that your bill is unpaid.

With both web hosting and domain names, my best recommendation is to put the bills on auto-pay and make sure your payment method is kept up-to-date.

Alleged “copyright infringement”

There’s a more sophisticated scam that’s on the rise where someone posing as a photographer claims that you’ve stolen their images.

It might say something like:

“Your website or a website that your organization hosts is infringing on a copyright protected images owned by our company (name of company).”

Check out this doc with the URLs to our images you used at [yourwebsite].com and our previous publications to obtain the proof of our copyrights.”

The giveaway is they want you to click a link– it’s usually a Google Docs link. Don’t click the link. It’s malware (or a phishing attempt).

The scam is very sophisticated compared to the average effort. There’s quite a number of variations, but the one that I read had perfect English, a story that made sense, and was from a gmail address that sounds like one a photographer would have! The first time I saw it, I almost thought it was a real demand letter– except they were claiming copyright infringement by a client of mine whose only images on his entire website were watercolor paintings he had done himself. And instead of asking for money for the image, there was a link claiming to be to view the copyrighted work.

But to be on the safe side, if you get an email threatening legal action or asking for money over copyright infringement– and it doesn’t sound like the scam above– check to see if you have really have an infringing photo.

An easy way to tell the difference: if they are asking for money (not something like gift cards or bitcoin) it’s possible it’s legitimate and you should ask your web professional for more info. But if they are trying to get you to click a link, like the above example, it’s a scam.

If you have used a copyrighted photo that you found online without attributing it, it’s not unheard of for the copyright holder to send a demand letter by email to the website owner. If ignored, they really may turn the case over to their legal team to recover payment for the image.

So my recommendation is not to take risks– it’s easy for copyright holders to reverse-image search and find infringing images. When I work with clients to source images for their website, I include premium stock photography I purchase for you from a reputable service, so you are not at risk of getting sued over copyrighted images.

Now you are forewarned and forearmed against a variety of scams– just remember:

1. If you’re suspicious, statistically, it’s probably spam

2. Know exactly who your domain name registrar and web host are

3. Read emails carefully and prefer directly visiting their website rather than clicking links

4. When in doubt, search for a line or two from the email, or just ask your web professional

Be careful out there– be skeptical, be a little suspicious, and stay safe!