Scammers are buying expired domains to steal user data

scammers-are-buying-expired-domains-to-steal-user-data Photo by Tima Miroshnichenko/Pexels

Scammers are automatically buying domains that expire in order to use them later on for malicious purposes. This means that if a legitimate business’ business domain expires, scammers might automatically purchase these domains and change the authority links to direct them to malicious sites or use them to gather data via fake stores and linked emails.

Scammers are using SEO tricks buy expired domains

The story by TechCrunch shared a website called that allows visitors to know when a domain expires. The article notes that one potential result is that if a domain expires and the owner tries to renew it, the domain might turn red instead of green.

Once scammers get a hold of the domain, the business owner might find their domain a host of a scam business selling explicit material or other scams. This, however, might not be the worst-case scenario.

What Scammers Do When They Buy an Expired Domain

When the scammers get a hold of the domain, they could point it to a new IP address, retain the original website’s appearance, and leave it running. This is done to ensure that the domain doesn’t drop in rankings which could allow the scammers to push for more malicious activity later on.

After the period of pretending to be the original website, the scammers can then subtly apply changes to the website. Once the IP is changed, it could take a while before Google is “effectively tricked into accepting the domain.”

Scammers could create fake shops to steal information

The scammers make use of the reputation built by the original business to scam new visitors thinking the website is still the same. A post by HostGator shared how scammers can use the expired domains to create fake shops in order to steal data from users.

The post notes that the worst-case scenario could be that the fake shops steal credit card information from visitors looking for a bargain. Another potential danger could be the scammers trying to target the email accounts linked to the domain.

The risk of scammers buying expired domains

When targeting the linked email accounts, the scammers could steal credit card information, company secrets, and even employee information. HostGator notes that once a domain expires, it is automatically made available to anyone wanting to register the name.

The hosting provider notes that while certain buyers purchase domains for legitimate purposes, some of them purchase the name for unethical purposes. As per the provider, the data stolen by scammers can then be sold on the dark web or used for malicious purposes.

The largest risk indicated is if the scammer steals the former employees’ banking, social media, and other professional accounts directly linked to the domain’s email address. HostGator notes that it is important for businesses to automatically renew their domains in order to keep them safe and unused by scammers.