If you own a domain or a website, your contact information is publicly associated with it through WHOIS records (even with privacy protection, domain registrations are an attractive target). This makes website owners a particularly appealing target for phishing campaigns designed to steal hosting credentials, domain access, or payment information.
Understanding what these attacks look like is the first step to not falling for them.
What Phishing Looks Like for Website Owners
Attackers impersonate the services you depend on most - your hosting company, domain registrar, or payment processor. The most common scenarios:
Fake domain expiry notices. You receive an urgent email warning that your domain is about to expire. The email looks professional, uses a familiar logo, and includes a button or link to renew immediately. The link goes to a fraudulent payment page designed to capture your credit card information.
Hosting suspension warnings. An email claims your hosting account has been suspended due to a policy violation, unpaid invoice, or security issue. You are asked to log in immediately to resolve the problem. The login page is a fake designed to capture your cPanel username and password.
Fake invoices and billing alerts. You receive what appears to be an invoice from a hosting company or domain registrar. The amounts are plausible. There is a Pay Now button. The payment goes directly to the attacker.
Security alert emails. A message claims your site has been compromised and you must click a link to verify your identity or install a security patch. The link leads to a credential-harvesting page.
Red Flags That Signal a Phishing Email
The sender address does not match the company domain. Look carefully at the actual email address, not just the display name. A legitimate email from dotCanada will come from a @dotcanada.ca address. An email with the display name "dotCanada Billing" but a sending address of billing@domain-services-canada.net is a scam. Attackers often register domains that look similar to legitimate company names.
Excessive urgency. Phrases like "Your domain expires in 24 hours," "Your account will be permanently deleted," or "Immediate action required" are designed to make you act before you think. Legitimate companies give customers adequate notice for renewals and account issues.
Generic greetings. "Dear Customer" or "Dear Domain Owner" instead of your actual name suggests a mass phishing campaign rather than a communication from a company that knows who you are.
Suspicious links. Hover over any link before clicking it. The URL shown in the status bar (or visible on hover) should match the company's actual domain. A link that displays "Renew at dotcanada.ca" but points to dotcanada-renewal.net is fraudulent.
Unusual payment requests. A request to pay via wire transfer, gift cards, or cryptocurrency for a web hosting invoice is always a scam. Legitimate hosting companies accept credit cards and standard payment methods.
How to Verify Whether an Email Is Legitimate
The safest approach is always to go directly to the source. If you receive an email about your hosting account:
- Open a new browser tab and type your hosting company URL directly
- Log in to your control panel
- Check your account status, invoices, and domain expiry dates there
If the account is actually suspended or a domain is actually expiring, you will see it in the control panel. You do not need to click any link in the email.
If you are uncertain whether a communication from dotCanada is legitimate, call or chat with our support team directly. We will confirm whether the message came from us.
What to Do If You Clicked a Link
If you clicked a link and entered your credentials on a suspicious page:
- Change your password immediately on the real site. Go directly to the URL you know is correct and update your password.
- Enable two-factor authentication if it is not already active, so a stolen password alone cannot be used to access your account.
- Check your account for unauthorized changes - look at DNS records, email accounts, and billing information for anything unfamiliar.
- Contact support and report the incident. Your hosting company or registrar may be able to flag any suspicious activity on your account.
If you entered payment information, contact your bank or credit card provider immediately to dispute charges and request a new card.
Using Email Security Tools
Modern email providers like Gmail and Microsoft 365 have built-in phishing detection that catches many fraudulent emails automatically. Keeping your email provider updated and not bypassing spam filters helps reduce your exposure.
You can also check suspicious links before clicking them using tools like VirusTotal (virustotal.com), which analyzes URLs against dozens of security databases.
Phishing attacks succeed because they are designed to look legitimate and create urgency. Slow down, verify through official channels, and trust your instincts if something feels off.
