Domain Renewal Scam

Quick verdict

Risk level: Medium risk
Scam type: Billing phishing scam
Main red flag: An unexpected "your domain is expiring" email pushing you to pay through a link, often from a company that is not the registrar you actually signed up with.
What to do first: Do not use the link. Log in directly to the registrar where you registered the domain and check the real renewal date and any notices there.

What this scam usually looks like

Domain renewal scams target website and small business owners with urgent emails or invoices claiming a domain is about to expire. The message often poses as your registrar or a vague "domain services" provider and pushes you to renew through a link. The aim is usually to charge inflated fees, capture your card details, or steal the login to your registrar account so the domain can be taken over.

Example message pattern

Example pattern — not a real report
Example pattern: "FINAL NOTICE: Your domain yourbusiness.co.uk expires in 24 hours. To keep your website and email online, renew now: [suspicious link]. Failure to renew will result in permanent loss of your domain."

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • The sender is a generic "domain services" or "domain registry" name rather than the registrar you actually bought the domain from.
  • Heavy urgency and threats of losing your website, email, or domain unless you pay within hours.
  • The renewal fee looks unusually high compared with what you normally pay, or covers years you did not ask for.
  • The link leads to a payment or login page on a web address that does not match your registrar's normal site.
  • The expiry date in the message does not match the real renewal date shown in your registrar account.

What to do

  • Open a new browser tab and log in directly to your registrar to confirm the genuine expiry date and any outstanding payments.
  • Compare the sender's address and any fees against past, legitimate renewal emails you have kept.
  • If you are unsure who your registrar is, run a public WHOIS lookup on your domain to see the registrar of record.
  • Forward suspicious billing emails to your registrar's abuse or support team so they can confirm whether it is genuine.
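
The checks above can be scripted once you have the WHOIS output for your domain. The following is an added example, not part of the original page: it compares a renewal notice with the registrar of record, the registrar's site, and the recorded expiry date. The WHOIS text, company names, and URLs are constructed, and the "Key: value" field layout is an assumption that holds for many gTLD registries but not all (some ccTLD registries format their output differently).

```python
import re
from datetime import date, datetime
from urllib.parse import urlparse

# Constructed WHOIS output (gTLD-style "Key: value" lines); all names are made up.
SAMPLE_WHOIS = """\
Domain Name: YOURBUSINESS.EXAMPLE
Registrar: Example Registrar, Inc.
Registrar URL: https://www.registrar.example
Registry Expiry Date: 2027-03-14T04:00:00Z
"""

def parse_whois(text):
    """Collect 'Key: value' lines into a dict keyed by lowercase field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def words(name):
    """Lowercase word set of a company name, for a loose name comparison."""
    return set(re.findall(r"[a-z0-9]+", name.lower()))

def check_notice(whois_text, sender_name, link_url, claimed_expiry):
    """Return the red flags a renewal notice raises against the WHOIS record."""
    rec = parse_whois(whois_text)
    flags = []
    sender = words(sender_name)
    if not sender or not sender <= words(rec.get("registrar", "")):
        flags.append("sender is not the registrar of record")
    # The link's host must be the registrar's host or a subdomain of it.
    reg_host = re.sub(r"^www\.", "", urlparse(rec.get("registrar url", "")).hostname or "")
    link_host = urlparse(link_url).hostname or ""
    if not reg_host or not (link_host == reg_host or link_host.endswith("." + reg_host)):
        flags.append("link does not lead to the registrar's site")
    # Compare dates only; allow one day of slack for time zone differences.
    raw = rec.get("registry expiry date", "")
    real = datetime.strptime(raw[:10], "%Y-%m-%d").date() if raw else None
    if real is None or abs((real - claimed_expiry).days) > 1:
        flags.append("claimed expiry does not match the record")
    return flags

if __name__ == "__main__":
    # Constructed notice: generic sender, lookalike link, wrong expiry date.
    print(check_notice(SAMPLE_WHOIS, "Domain Services",
                       "https://registrar.example.renew-now.example/pay", date(2026, 6, 2)))
```

An empty result only means the notice is consistent with the public record; the renewal itself should still be done by logging in to the registrar directly.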

If you already clicked or replied

  • If you entered card details, contact your bank or card provider promptly to flag the transaction and discuss a replacement card.
  • If you typed your registrar login, change that password immediately and turn on two-factor authentication on the account.
  • Check your registrar account for unexpected changes to domain ownership, nameservers, or contact details.
  • Review recent statements for unfamiliar charges and report anything you do not recognise.

What not to do

  • Do not pay an invoice just because it looks official or sounds urgent without checking the real account first.
  • Do not reuse your registrar password elsewhere, and do not enter it on a page reached from an email link.
  • Do not ignore a genuine expiry once you have confirmed it directly, as a lapsed domain can be lost.

Frequently asked questions

How can I tell which company is my real domain registrar?
Check the confirmation email from when you first registered, your past renewal receipts, or run a public WHOIS lookup on your domain. The registrar of record is the only company that can renew it for you, so any message from a different "domain services" name should be treated with caution.

Are these emails always scams, or can a renewal notice be real?
Genuine registrars do send renewal reminders, so not every notice is fake. The safe habit is to never act on the email's link. Instead log in to your registrar directly to check the real date and renew there if needed.

Why would someone want my registrar login rather than just money?
Control of your registrar account can let an attacker transfer the domain, change where it points, or redirect your email. This is often more valuable than a single payment, which is why protecting that login with a strong password and two-factor authentication matters.

I paid a suspicious renewal invoice. What now?
Contact your bank or card provider to flag the payment and ask about next steps, then log in to your real registrar to confirm whether your domain is actually renewed. If you entered a password, change it and enable two-factor authentication straight away.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.