No Such Thing as a Stupid Question – Avoiding scam invoices
05/11/2025
I want to share a quick story with you — partly because it’s something most of us know deep down, but also because we don’t always do it. And sometimes a little reminder can save a whole lot of money.
So, last Thursday evening I got an email from a client. The subject line read:
“Renewal notifications for xxxxxx.com.au.”
The message said: “Is this legitimate?”
Straight away I knew it wasn’t. We manage all of this client’s domains, so if the renewal wasn’t from us, it had to be a scam. I fired back a quick reply: “Nope, it’s a scam — please delete it.”
A few minutes later, the client replied:
“Oh goodness, I am glad I checked — I usually just pay these.”
That reply stuck with me. Because how many people do just pay these without thinking twice? So, with 30 spare minutes up my sleeve, I decided to dig into it — partly out of curiosity, partly out of irritation.
The Anatomy of a Scam
First stop: I ran a scan on the email and its attachments. No viruses, no malware — so far, so clean.
Next, I checked who owned the domain. Surprise, surprise — it was hidden behind a privacy wall (not unusual). Then I opened the “invoice.”
It looked pretty legit at first glance — clean layout, online payment form, and a real payment gateway: Stripe. The invoicing system was Ninja Invoicing, another genuine platform. So, it wasn’t one of those dodgy-looking scams — it was designed to feel real.
And here’s the kicker: the company name on the invoice was DNRS Australia, claiming to operate from 15 Moore Street, Canberra ACT. Their website — dnrsaustralia.com — looks professional enough to fool plenty of people. But don’t be fooled. It’s a scam operation.
Basically, it was a “spray and pray” setup — send enough fake invoices, and eventually someone pays.
Here’s the clever bit: they picked a domain that was registered for two years and sent the invoice smack in the middle of that period. So, if someone paid it now, they might not notice the double-up until much later — and by then, Stripe’s dispute window (120 days) would’ve closed.
Curiosity Turns Into Action
At this point, I could’ve just closed the case and gone about my evening. But something about scams like this really gets under my skin.
So I rolled up my sleeves and went full “digital detective.”
- Step 1: Found the registrar — GoDaddy. Lodged a formal complaint with their abuse team.
- Step 2: Reported the fake account to Ninja Invoicing — the scammers’ invoicing platform.
- Step 3: Flagged it with Stripe, since they were processing the payments.
- Step 4: Sent a report to Scamwatch Australia, with all the details.
If you’re going to scam small businesses, you’d better hope I don’t have spare time and a coffee in hand.
Why These Scams Work
Domain renewals are cheap and often managed by different providers. So getting an invoice from an unfamiliar company doesn’t always raise red flags — especially when people are busy and just want to “get it paid.”
That’s why these scams work. They rely on confusion, repetition, and timing.
How to Protect Yourself
Here are a few simple steps that make a big difference:
- Keep all your domains with one provider.
  It’s easier to track renewals and spot anything out of place.
- Make sure the person paying invoices knows who your provider is.
  This goes for everything — hosting, software, subscriptions — not just domains.
- Ask the question.
  Seriously, there’s no such thing as a stupid question. If something doesn’t look right, pause and check. A 10-second email can save you hundreds.
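The two checks that caught this invoice (the sender was not the provider of record, and the domain was nowhere near expiry) can be automated for whoever pays the bills. The sketch below is an added example, not something from the original story; the inventory, the 60-day window, and every domain and address in it are constructed placeholders.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed inventory: domain -> (provider's billing domain, expiry date).
# All names below are placeholders, not values from the article.
INVENTORY = {
    "example-client.com.au": ("billing.example-provider.test", date(2026, 11, 6)),
}
RENEWAL_WINDOW_DAYS = 60  # assumption: real notices arrive within 60 days of expiry

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def check_renewal_notice(raw_email, today, inventory=INVENTORY):
    """Return a list of reasons the notice should not be paid (empty = no flags)."""
    msg = message_from_string(raw_email)
    # Domain part of the From address, e.g. "renewals.example.test".
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    match = DOMAIN_RE.search(msg.get("Subject", ""))
    if not match:
        return ["no domain named in subject; verify manually"]
    domain = match.group(1).lower()
    if domain not in inventory:
        return [f"{domain} is not in our domain inventory"]
    provider, expiry = inventory[domain]
    reasons = []
    # Check 1: the notice must come from the provider of record (or a subdomain).
    if sender != provider and not sender.endswith("." + provider):
        reasons.append(f"sender {sender} is not our provider {provider}")
    # Check 2: a renewal demand in the middle of the term is the timing trick.
    days_left = (expiry - today).days
    if days_left > RENEWAL_WINDOW_DAYS:
        reasons.append(f"{domain} does not expire for {days_left} days")
    return reasons

# Constructed sample message modelled on the subject line quoted above.
SAMPLE = (
    "From: Accounts <accounts@renewals.example.test>\n"
    "Subject: Renewal notifications for example-client.com.au\n"
    "\n"
    "Your invoice is attached.\n"
)

if __name__ == "__main__":
    for reason in check_renewal_notice(SAMPLE, date(2025, 11, 6)):
        print("FLAG:", reason)
```

An empty result only means neither check fired; the From header can be forged, so a notice that passes still deserves a look at the provider's own portal before payment.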
The Takeaway
Scammers are getting more sophisticated — cleaner invoices, legitimate-looking systems, even real payment gateways. But they’re still running the same old playbook: trick enough people into paying, and the numbers work in their favour.
So remember: slow down, check twice, and never be embarrassed to ask. That one small habit might just save you from a big headache — or a lighter bank account.
