A convincing fake domain renewal email is circulating right now. If you get one, don’t click through.

A Scam Email That Knows Your Real Domain and Expiration Date

Security researchers are tracking a scam email that uses your real domain name and its actual expiration date, paired with a countdown timer, to pressure you into clicking a “complete your renewal” link. The page that follows looks like a normal checkout, but it’s designed to collect your payment information for the scammer instead of your actual registrar.

What makes this one dangerous is the accuracy. Because the email includes your correct domain and real expiration date, it looks legitimate at a glance, more convincing than the generic phishing attempts most people have learned to ignore. If you enter your payment details on the fake page, the scammer walks away with your card information, and since they already have your real expiration date, they can try the same scam again next year.

How to Tell It’s Fake Before You Click

  • Never renew a domain by clicking a link in an email. Log into your registrar’s website directly, the same way you always have.
  • Check the sender’s email address closely. A real renewal notice comes from your actual registrar’s domain, not a lookalike.
  • If you’re not sure whether an email is real, don’t click anything. Log into your registrar account and check your renewal date there instead.

If you manage domains for other people, this is worth a heads-up to anyone who might see this email land in their inbox. When someone else manages your domain renewals for you, you’re never the one left guessing whether an email like this is real.

Source: Security Boulevard, reporting on Malwarebytes research