Plus ça change …
It’s January 2026. While I’m sure that there are plenty of very complex and clever scams out there at the moment that make use of the latest advances in technology (think AI for example) some of the “classics” haven’t gone away.
The “Chinese” or “Asian” domain scam is still very much alive and well.
The way this one works is pretty simple – fear.
They target small businesses and send emails to them that look quite professional. Of course to get the business’ attention they have to create a sense of urgency, so the emails open with wording like this:
Dear CEO,
(It’s very urgent, please transfer this email to your CEO. If this email affects you, we are very sorry, please ignore this email. Thanks)
They’ll then go on to say that they’ve been contacted by somebody who wants to register domain names that are very close to the name of the business they’re targeting. So it’ll be worded something like:
We are a Network Service Company which is the domain name registration center in China.
We received an application from xxxx Ltd on January 12, 2026. They want to register ” brand ” as their Internet Keyword and ” brand .cn “、” brand .com.cn ” 、” brand .net.cn “、” brand .org.cn ” domain names. But after checking it, we find ” brand ” conflict with your company name or trademark. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?
Other times they’ll say they’re “obliged” to let you know about the potential conflict.
Of course the domain pricing will be way higher than what you’d pay normally if you do fall for the scam. And it is a scam.
The other one is one I hadn’t seen in a few years.
Back in 2019 there was quite a bit of attention on a crowd targeting both Irish and other European businesses with fake renewal notices. They started out under the moniker of “DNS Ireland” but then morphed into “IDS Ireland”
The way this works is pretty simple. They scrape email addresses from public websites and other sources and then email what looks like a legitimate renewal notice.
Here’s an example of one:
€89 for a .ie domain name? That alone should ring alarm bells. But if you dig into it a little more there’s even more wrong.
The domain they sent out the renewal notice for that I saw today isn’t due for renewal for months.
Would the domain be “renewed” if the victim paid? No. Because the scammers aren’t the registrar of record for the domain names they’re targeting. Back when the various “renewal” scams were very popular the actual MO was to lure the victim into transferring the domain name. I assume that this lot would try something similar, but they might simply be doing a money grab.
The “company” itself doesn’t seem to exist. The address on the website does not match the one on the “invoice” and the invoice itself does not meet the standards for an invoice under Irish or EU law. Why aren’t they charging VAT? While a small business isn’t obliged to be VAT registered until they hit the threshold that limit isn’t very high (€42500). Colleagues in the infosec space have found that there are quite a few “related” domain names and sites that follow the same pattern. Some are aimed at a generic domain market, while some are for Sweden, Denmark or other specific countries.
Bottom line – be careful. Check who your domain name is registered through. Yes, most registrars will email out renewal notices, but most are legit businesses!
Leave a Reply