INNOVATECH GROUP
Get Started
Install this app for quick access.
Beginner
Published 17 Apr 2026

Recognizing Phishing Emails vs. Legitimate Domain Renewal Notices

5 min General
Share

Domain renewal scam emails are one of the most common threats targeting website owners, particularly in South Africa. These fraudulent messages impersonate registrars, hosting providers, or domain authorities to trick you into paying for services you do not owe or surrendering your login credentials. This guide helps you tell the difference between a legitimate renewal notice and a phishing attempt.

How Domain Renewal Scams Work

Scammers send emails that mimic official domain renewal notices. They typically:

  • Use urgent language, warning that your domain will expire immediately unless you pay
  • Include official-looking logos and formatting copied from real registrars or organisations
  • Link to convincing but fraudulent payment pages
  • Demand payment to an unfamiliar bank account or through an unusual payment method
  • Reference real domain names (which are publicly available via WHOIS records)

These emails are designed to create panic so you act before thinking critically.

Red Flags: Signs of a Phishing Email

Watch for these common warning signs:

  1. Unfamiliar sender address — check the actual email address (not just the display name). Legitimate notices come from your hosting provider's known domain. If the address does not match, treat it with suspicion.
  2. Urgent or threatening language — phrases like "IMMEDIATE ACTION REQUIRED", "your domain will be deleted in 24 hours", or "failure to respond will result in loss of your domain" are pressure tactics commonly used in scams.
  3. Unexpected payment requests — if you are not expecting a renewal or the amount does not match your usual billing, verify before paying.
  4. Links to unfamiliar websites — hover over (do not click) any links in the email. If the URL does not point to your hosting provider's actual website, do not follow it.
  5. Generic greetings — legitimate notices from your provider will typically address you by name or reference your specific account details, not "Dear Domain Owner" or "Dear Customer".
  6. Requests for passwords or personal information — your hosting provider will never ask for your password via email.
  7. Poor grammar or formatting — while not always present, spelling errors and inconsistent formatting can indicate a fraudulent message.
  8. Payment to an unknown entity — the invoice or payment request names a company you do not recognise as your actual registrar or hosting provider.

How to Verify a Renewal Notice

If you receive a domain renewal notice and are unsure whether it is legitimate:

  1. Do not click any links in the email. Instead, open your browser and navigate directly to the INNOVATECH GROUP client portal by typing the address manually.
  2. Check your services — log in and go to the Services section. Review your active domains and their renewal dates. If a domain is genuinely approaching renewal, it will be reflected in your account.
  3. Check your invoices — go to the Billing section and look for any unpaid invoices matching the renewal. Legitimate renewal invoices from INNOVATECH GROUP will appear here.
  4. Compare the sender — verify that the sender email address matches official INNOVATECH GROUP communication channels.
  5. Contact support — if in doubt, open a support ticket or contact INNOVATECH GROUP directly to ask whether the notice is genuine. Include the suspicious email details (sender address, subject line, any reference numbers).

What to Do If You Suspect a Phishing Email

  • Do not click any links or open any attachments in the message.
  • Do not reply to the email or provide any personal information.
  • Report it — forward the suspicious email to INNOVATECH GROUP support so they can investigate and warn other customers if needed.
  • Delete the email from your inbox after reporting it.

What to Do If You Already Clicked or Paid

If you have already interacted with a suspected phishing email, act quickly:

  1. Change your passwords — immediately change your INNOVATECH GROUP portal password and any other accounts that use the same password.
  2. Contact your bank — if you made a payment, contact your bank or payment provider to report the fraudulent transaction and request a reversal.
  3. Open a support ticket — notify INNOVATECH GROUP support immediately so they can check your account for unauthorised changes.
  4. Monitor your account — keep an eye on your services, domains, and billing for any unexpected changes in the days following the incident.

Legitimate Renewal Notices from INNOVATECH GROUP

Genuine renewal communications from INNOVATECH GROUP will:

  • Come from a recognised INNOVATECH GROUP email address
  • Reference your specific account and domain details
  • Match an invoice visible in your client portal billing section
  • Never ask for your password
  • Never demand immediate payment via an unfamiliar method
  • Provide a reasonable timeframe before any action is taken on your domain

Quick Reference

Sign Likely Phishing Likely Legitimate
Sender address Unfamiliar or misspelled domain Your provider's known domain
Tone Panicked, threatening Professional, informative
Payment details Unknown bank account or method Matches your usual billing
Links Point to unfamiliar URLs Point to your provider's portal
Greeting Generic ("Dear Customer") Personalised with your name or account
Matching invoice in portal No corresponding invoice Invoice visible in your billing section

Was this helpful?

Let us know if this article answered your question.

Need Assistance?

Our support team is ready to help you with any questions.

Open a Support Ticket

We use cookies to keep you signed in and remember your preferences. By continuing, you agree to our Privacy policy.