In the last couple of weeks, I’ve started receiving some scam invoices and I thought I’d share so people will know about this scam and what you need to do.

Here’s how the scam goes. You get a very real invoice in your inbox sent through PayPal. The invoice is purportedly from PlanetHoster. It has the PlanetHoster logo and is for domains that you actually own. It looks really legit.

You click on the View and Pay Invoice button, and see the invoice. You can log in to your account and the invoice is there. Here’s one I got today.

I did in fact recently renew this domain with a few others, and the amount I paid was almost exactly what this invoice is for. However, look at the note at the bottom. The domain it lists is not the same as the one from above (that I blurred out) and it’s not a domain I own. That was my tip-off.

So first I logged into my PlanetHoster account to see what was going on. The domains that I’m being invoiced for were already paid this month, by credit card, not PayPal. And that’s another tip-off. I normally pay for all my domains via credit card, not PayPal, although it’s not unheard of for me to use PayPal. But it was definitely not right.

So I checked my PlanetHoster account and the domains had been paid. So I figured it was just a spoofed or fake email and had planned to just delete it.

But then on a hunch I logged into my PayPal account, and lo and behold, I can see two unpaid invoices that match the two emails I got.

Obviously, the invoice is not showing from PlanetHoster on this screen, but if you click the invoice, they do have the PlanetHoster logo and show domain names I own.

So basically a scammer is sending real invoices through PayPal for domains you own, making it seem legit, like something you need to pay. And since it’s a real invoice right in your PayPal account, if you send them payment, they get the money.

What should you do?

Pay attention to where the emails are coming from and how you typically pay for your domains. I normally pay via credit card, so the PayPal invoice was a new one. But it looked legit enough that I had to check into it.

If you get it, don’t pay it, obviously, and report it to PayPal. You can report it to PlanetHoster if you want, but since their system isn’t actually involved (just someone claiming to be them) there’s not much they can do.

Change your domain registration to private

The reason you are likely getting these is because scammers are looking at domain ownership information. They can see renewal dates, your name and info, and your domain registrar in the WHOIS database if it’s not private. It’s really obnoxious that you have to pay extra for the private service and if you don’t, you have to deal with this.
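
One way to check what your own WHOIS record gives away, as an added example that is not part of the original post. The field labels and redaction markers are assumptions (they vary by registry and privacy service), and both sample records are constructed; paste in the output of `whois` for your own domain instead.

```python
import re

# Personal fields that let a scammer address a fake invoice to you.
# Labels vary by registry; these common ones are an assumption.
SENSITIVE = {
    "registrant name": "owner name",
    "registrant email": "owner email",
    "registrant phone": "owner phone",
    "registrant street": "owner address",
}
# Privacy services normally leave these visible, so they stay public.
ALWAYS_PUBLIC = {
    "registrar": "registrar",
    "registry expiry date": "renewal date",
    "registrar registration expiration date": "renewal date",
}
# Heuristic markers of a privacy/proxy service (assumption, not exhaustive).
REDACTION = re.compile(r"redacted|privacy|proxy|not disclosed|data protected", re.I)

# Constructed sample records, not real WHOIS data.
SAMPLE_PUBLIC = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2030-01-15T00:00:00Z
Registrant Name: Jane Example
Registrant Email: jane@example.com
"""
SAMPLE_PRIVATE = SAMPLE_PUBLIC.replace("Jane Example", "REDACTED FOR PRIVACY") \
                              .replace("jane@example.com", "REDACTED FOR PRIVACY")

def parse_whois(text):
    """Return {lowercased field: first value} from 'Key: Value' lines."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and not line.lstrip().startswith(("%", "#", ">>>")):
            record.setdefault(key.strip().lower(), value.strip())
    return record

def exposure_report(text):
    """Split a WHOIS record into exposed personal data and public metadata."""
    record = parse_whois(text)
    exposed = {label: record[f] for f, label in SENSITIVE.items()
               if f in record and not REDACTION.search(record[f])}
    public = {label: record[f] for f, label in ALWAYS_PUBLIC.items() if f in record}
    return {"exposed": exposed, "public": public, "private": not exposed}

if __name__ == "__main__":
    for name, sample in (("public", SAMPLE_PUBLIC), ("private", SAMPLE_PRIVATE)):
        print(name, exposure_report(sample))
```

Even for the private record the report still lists the registrar and renewal date, so an invoice that matches your renewal timing is not proof that it is genuine.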

