Scammers send fake domain renewal notices that look legitimate. The trick works because domain owners are never quite sure when their domain is actually due. Here's how to tell the difference and how to stop guessing.
Done in seconds. No sign-up required.
Most domain owners check their expiration date once a year, maybe less. That creates a wide window of uncertainty where a fake "urgent renewal" email lands and the owner can't immediately rule it out. They're not sure when the domain is due, so the urgency feels plausible.
The scam doesn't need to fool you completely. It just needs you to be unsure enough to click the link and enter your card details "just in case." That's the opening.
ICANN issued an alert about fraudulent domain renewal emails over a decade ago. It's still a live problem. Namecheap customers report receiving scam renewals regularly. One common variant poses as WordPress domain renewal and captures both card data and one-time passcodes in real time.
Phrases like "expires in 24 hours" or "immediate action required" when your domain isn't actually due soon. Scammers create pressure so you don't stop to verify.
The email comes from a domain you don't recognize or a lookalike domain (like "namecheap-billing.com" instead of "namecheap.com"). Hover over the sender address before you do anything.
The "renew now" button links to an external site instead of your registrar's actual domain. Hover before clicking. Legitimate renewals send you to the registrar's own checkout.
The email mentions a registrar you've never used. Some scams impersonate a generic "domain registry authority" that doesn't exist. Your domain is only held by one registrar — the one you registered with.
Real registrars don't threaten to delete your domain on the spot. There's a grace period and then a redemption period. Instant deletion language is a pressure tactic, not how domains actually work.
Your registrar knows your account number, username, and the domains you have. Legitimate renewal emails include at least some of that. Generic emails addressed to "Domain Owner" are suspicious.
Close it or leave it alone. Open a new browser tab instead.
Type the URL yourself or use a bookmark. Go to your domain management page and check the expiration date. If no renewal is due, the email was fake or irrelevant.
Go to lookup.icann.org and search your domain. The expiration date is public record. It takes 10 seconds and removes all uncertainty.
If renewal is actually due, complete it through your registrar's website directly. There's no reason to ever click "renew" from an email you didn't expect.
The scam works because of uncertainty. If you already know your domain expires in November and it's currently March, a "renew now or lose your domain" email is easy to dismiss. The pressure has nowhere to land.
Setting an independent reminder means you get a heads-up from a source you trust, before your registrar (or a scammer pretending to be your registrar) sends anything. You know when the real deadline is. You act on your own schedule.
Look up your domain's expiration date in your registrar dashboard or via WHOIS. Then set a reminder for 30 days before. That's the whole thing. The next time a "urgent domain renewal" email shows up, you'll either be expecting it or you'll know it's fake.
More on how domain renewals work and what happens if you miss the deadline: Domain Renewal Reminders.
Check three things: the sender domain (real notices come from your actual registrar, like @namecheap.com or @godaddy.com), the payment link (it should go to your registrar's own website, not a third-party URL), and your account dashboard (log in directly and see if a renewal is actually due). When in doubt, skip the email and log in manually.
Most either steal your payment details by sending you to a fake checkout page, or trick you into transferring your domain to a different registrar under false pretenses. Some pose as "renewal" invoices that are really just unsolicited transfer requests. ICANN has issued alerts about these going back years.
Only if you click the link and authorize the transfer yourself. Domain transfers require your explicit approval and an auth code from your current registrar. A scam email cannot transfer your domain without your participation. But some people have been tricked into approving one thinking it was a renewal.
Legitimate registrar emails come from a verified address at that registrar's domain, link back to your actual account dashboard, and match the expiration date shown when you log in. They do not pressure you with "your domain will be deleted in 24 hours" language unless you are genuinely days away from expiration.
Do not click anything. Log in to your registrar directly and check your domain's expiration date. If no renewal is due, delete the email. If you already clicked a payment link and entered card details, contact your bank immediately. Report phishing emails to the FTC at reportfraud.ftc.gov.
Set an independent reminder before your domain expires. When you already know exactly when your domain is due, a random "urgent renewal" email is easy to ignore or investigate calmly. You're not acting under pressure because you have your own heads-up already.
Set a free domain renewal reminder. You'll get email alerts 7, 3, and 1 day before your domain is due. No account needed.
Set Domain ReminderLast modified: