Fake messages about domains, hosting, and GDPR – how not to get fooled

More and more people are running their own websites, online stores, or blogs. Unfortunately, as the web continues to grow, so does the number of scams targeting domain owners and hosting service users. It’s increasingly common to receive emails or SMS messages that, at first glance, look like official communications from service providers — they feature company logos, sound serious, and usually urge immediate action.

Scammers impersonate domain registrars, hosting providers, and even institutions responsible for GDPR compliance. In this article, we’ll show you how to recognize fake messages, how scammers operate, and — most importantly — how to protect yourself effectively.

Most common fake messages we receive

Website owners are increasingly becoming targets of cybercriminals who impersonate companies dealing with domains, hosting, or GDPR compliance. What are the most common types of messages we receive?

Fake domain invoices

• Messages resembling official notifications from domain registrars.
• Often contain warnings like: “Your domain will expire in 24 hours – pay now to keep it“.
• The link leads to a fake payment page or contains malicious code.
• The requested fee is often significantly higher than standard.

Impersonating hosting companies

Fake emails notifying about:

• alleged technical issues (e.g., “Your hosting account has been suspended“),
• unpaid invoices,
• urgent action required to restore the service.

Scammers count on users panicking and clicking links to submit login credentials or make a payment.

GDPR-related messages

• Content like: “Your website violates GDPR – you may face a fine“.
• A request to “resolve the issue” by paying or signing a fake document.
• Sometimes includes “payment demands” or “GDPR agreements” to sign – often containing malware or phishing forms.

Brand or SEO renewal requests

• Offers like “extend your visibility on Google” or “protect your domain from competitors”.
• Usually sent from unofficial email addresses, with short deadlines and high fees.
• They exploit lack of knowledge and fear of losing brand visibility or ranking.

Suspicious SMS or calls

• Not only emails – there are also fake SMS messages, e.g., about alleged “server suspension”.
• Less frequently – calls from fake consultants offering to “help regain access” or asking to “confirm your details”.

How scammers operate

Online scammers are using increasingly sophisticated techniques to trick website owners into giving up money, login credentials, or personal information. Their actions usually begin with gathering publicly available data. They use WHOIS databases if domain privacy is not enabled, and information from the site itself – such as contact emails, company data, or policies. This helps them craft messages that look personalized and trustworthy.

Most often, they impersonate well-known hosting providers, domain registrars, data protection authorities (e.g., UODO), or even Google. The fake messages include company logos, mimic legitimate layouts, and are often sent from email addresses that closely resemble real ones – differing by just one character or domain name.

The scammers’ main tactic is to create a sense of threat and urgency. Typical messages claim the website will be blocked, the domain deleted, or a financial penalty imposed – often within hours. The goal is to make the recipient act impulsively and click the link or pay the invoice without verifying the sender.

The links in such messages often lead to fake pages that mimic login panels of popular hosting services or payment systems. Once login credentials are entered, criminals can gain access to user accounts – allowing them to take over domains, delete websites, or alter settings. In other cases, users are taken to a fake payment form where they enter credit card details – which are then stolen.

Sometimes, the attack unfolds in stages. Initially, scammers send an “innocent” request to confirm contact information, followed by an invoice or link to a fake page. In more advanced attempts, they even make phone calls, pretending to be support agents to gain trust.

It’s important to remember that scammers don’t always want just money – they may also be after access to your hosting panel, user data, client databases, or admin tools. They can use this data in further attacks – including on other companies.

How to recognize a fake message?

While fake messages are becoming more polished in terms of design and language, they can still be identified — if you know what to look for. The key is vigilance and common sense. Below are the most important red flags:

1. Unusual sender email address
   Check the sender’s email address. Scammers often use domains that only appear official — e.g., info@ovh-hosting.net instead of info@ovh.pl. Even if the sender name looks familiar, always check the full email address.
2. Lack of personalization
   Legitimate providers usually address you by name or include your domain name. Fake messages are often generic: “Dear customer,” “Your service,” or “Your account,” without specifics.
3. Urgency and threats
   Typical scam wording includes: “You must pay within 24h,” “Your domain will be deleted,” “You face a penalty.” This pressure is meant to provoke quick, unthinking action.
4. Language mistakes and strange phrasing
   Many scammers use machine translation or poorly written text. Watch for typos, bad punctuation, odd phrases, or unnatural language.
5. Suspicious links and attachments
   If there’s a link, hover your cursor (don’t click!) to see where it actually leads. If the domain looks suspicious or has strange characters (e.g., paypal-secure-account.xyz), don’t click. Attachments in unknown formats (.zip, .exe, .scr, .iso) may contain malware.
6. No way to verify the information
   If the message lacks contact information, customer ID, or links to official login pages — be cautious. Try logging into your hosting panel independently (not via the email link). If everything works, the message was likely fake.
7. Requests for sensitive data that a real company would never ask for
   No trustworthy provider will ask you via email for:

• your hosting panel password,
• credit card information in plain text,
• your national ID number (e.g. PESEL, NIP), or a scan of your ID.

What to do if you suspect a scam?

If anything about a message you received raises doubt — don’t ignore that feeling. Scammers rely on your inattention and haste. Here’s what to do if you suspect a message might be fake:

Do not click links or open attachments

1. This is rule number one. A single click can lead you to a phishing site or run malicious code.
2. Do not download or open files with extensions like .exe, .zip, .scr, .iso, or .pdf from unknown sources.

Verify information at the source

1. Log into your domain registrar or hosting provider account — but manually enter the address into your browser (do not use the link from the email).
2. Check whether you really have outstanding payments, expired domains, or any alerts.
3. If unsure, contact customer support through the official website’s contact form or phone number.

Report a suspicious message

1. Most email services (like Gmail or Outlook) let you mark a message as phishing.
2. This helps spam filters block similar attempts in the future.

Forward the message to relevant authorities

1. You can report a suspicious message to:
2. CERT Polska – national cybersecurity incident response team
3. The Polish Data Protection Authority (UODO) – if the message refers to GDPR violations
4. Your domain registrar or hosting provider — to help warn other clients

If you clicked a link or shared data – act fast

1. Immediately change your account passwords if you entered login info.
2. Enable two-factor authentication (2FA) if available.
3. Contact your bank if you shared payment card details.
4. Scan your computer with antivirus or antimalware software.

How to protect against scams?

To protect yourself against scams, it’s important to follow basic security practices. First of all, enable domain privacy (WHOIS Privacy) to hide your contact details from scammers.

All accounts related to your domain, hosting, or website should have strong, unique passwords and active two-factor authentication (2FA).

Learn more about two-factor authentication in our article:

Two-factor authentication for WordPress – what is it and how to configure it?

One of the tools that enhances website security is two-factor authentication. Why is 2FA so important, and how can it be implemented in WordPress?

read more

Never share your login credentials, passwords, or card details in response to emails — no trustworthy company will ever ask for them. Also, monitor service expiration dates and always use official sources to renew them. Vigilance is key — if something seems suspicious, it’s better to verify than to click in haste. Regular education and keeping your software up to date further increase your security.

Summary

Fake messages related to domains, hosting, or GDPR are a real threat that any website owner can encounter. Fortunately, by learning how to recognize scams, how to respond to suspicious activity, and how to maintain basic security, you can effectively avoid serious issues — both financial and reputational. It’s worth applying a healthy level of skepticism, carefully verifying every message, and never acting under pressure. The more aware you are, the harder it is to fall for a scam.