Would it surprise you to find out that domain name con artists prey upon website owners?
The typical scam is perpetrated by sending you an invoice for domain name renewal, which looks legitimate until you read the fine print on the invoice, which usually says something like "This is not a bill. This is a solicitation to transfer your domain name to our service."
If you blithely sign the invoice and pay the bill, you are authorizing that company to hijack your domain right from you.
Domain name scams have been around since the beginning of the internet. By the late 1990s, hijacking became so common that the industry as a whole had to create a way to "lock" your domain. By default, all domains are locked, and as a general rule you are now safe from domain hijacking.
However, as with all legal contracts, your signature is binding. That legitimate looking invoice mentioned above might really be a hijack attempt. Your signature and payment creates a binding contract that will override the lock feature on your domain name. Worst case is that someone has stolen your domain name from you; best case is that they have taken possession of your domain name and are over-charging you to use it.
Tips for preventing your domain from being hijacked:
1. Go here: http://reports.internic.net/cgi/whois
2. Type in your domain name
3. In the report page look for words like "clientLock" or "REGISTER-LOCK"
4. If you do not see that, contact your website guy.
5. Tell your bookkeeper to be mindful of any invoices that stipulate "domain name renewal". Domain name companies usually send emails, not invoices. Also, don't confuse "domain name renewal" with "website hosting renewal" as they are two totally different services.
Your domain name is an important part of your business branding. Protect it at all costs. One you lose it, you will never get it back.