Introduction: Phishing and spoofing attacks are a constant threat to your online security. Reg.ly takes your privacy seriously and will never ask for sensitive information through email. Stay vigilant and follow these steps to protect yourself.
Reg.ly will never ask for sensitive personal information, such as your password, security questions, EPP code, 2FA backup code, credit card details, or any other sensitive information through an email. If you receive an email claiming to be from Reg.ly, follow these steps to verify its authenticity:
Basic Checks:
- Sender's email address: Double-check that the email originates from a legitimate @reg.ly email domain. Hover over the sender's name to reveal the full email address, ensuring there are no subtle misspellings or variations.
- Greeting: Legitimate Reg.ly emails typically address you by your full name. Exercise caution if you encounter generic greetings like "Dear Reg.ly Member" or "Valued Customer."
- Urgent or threatening language: Scammers often employ scare tactics, alleging your domain is compromised, payment is overdue, or your account faces suspension. Remain calm and evaluate the situation critically.
- Suspicious links: Scrutinize website addresses before clicking. Hover over links to unveil the full URL. Verify the link directs you to the official Reg.ly website (reg.ly) or (my.reg.ly) and not an imitation, If reg.ly requests information from you, we will always direct you back to the my.reg.ly client area to provide the information.
Advanced Checks:
- Email headers: Examine the email's raw headers for technical details like the sender's IP address and email server information. Instructions on how to view headers can usually be found in your email client's help section.
- Domain authentication: Check if the email passes SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) checks. These protocols help validate the email's origin.
- Compare with previous emails: Compare the suspicious email with genuine Reg.ly emails you've received in the past. Note any discrepancies in formatting, tone, or content.
- Check Reg.ly official announcements: Visit the official Reg.ly website (reg.ly) to see if they have issued any warnings about ongoing phishing campaigns.
What to do if you receive a suspicious email:
- Do not click on any links or open attachments.
- Do not reply to the email.
- Forward the suspicious email to Reg.ly's Abuse Team at abuse@reg.ly
- Change your Reg.ly password and enable Two-Factor Authentication.
By following these guidelines, you can effectively identify and thwart phishing attacks targeting your .ly domain and Reg.ly account. Safeguard your online presence and protect your valuable domain assets.