Minimizing the Risk of Having Your Domain Name Stolen
Recently, there’s been an uptick in the number of domains I am not positive if it’s because of the globalpandemic and people are getting more desperate for money, or if domain thieves are taking advantage of the shifting digital and techatmosphere. COVID-19 is causing more people to become online and conduct business online. But this also means that many do not fully understand how to properly protect their digital assets, such as domains. This could be why we are seeing more and more online scams, phishing, and internet theft in general.
When I think of digital assets, I believe of many different kinds. Our digital assets may include access to a bank account on line, access to accounts like cryptocurrency accounts, and payment transaction sites such as PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, such as Amazon, Walmart, Target, and eBay, in which most likely you have an account where your payment data is stored. Apple Purchase and Google Pay are other people, as well as your website hosting account that handles your email (if you don’t use Gmail.com or Outlook.com), and, ultimately, your domain name. If your domain goes missing, then you lose a lot: accessibility to email, as well as your website probably will return, where you are going to lose visibility, online sales, and customers. Online thieves are hacking websites and anywhere there is a login, since they’re attempting to get to your digital assets.
Protecting Online Accounts
Many People are now used to protecting our online accounts byusing a unique, protected password for each login that we have online. An important part of protecting digital assets, and domains, is to make sure you get a safe password and two-factor authentication setup for your login at your domain registrar. In many cases, if a thief gains access into an account at a domain registrar, the consequences can be disastrous if you do not have additional protections in place to protect your domain name.
Hackers who gain access to your domain registrar’s account may do a few things that would disrupt your company:
They could point the domain name to another web server, perhapstheir”copy” of your website. You’d think that it’s the copy, but the copy may contain malicious code.I’ve even seen them direct online sales from a copy of your website to them so they benefit monetarily from it through identity theft or diverting funds. They might even keep your samecontact info on the WHOIS record so it looks like you still have it–but the domain may be transferred into their account. When it’s from your account and you no longer control the domain name, then they’ve stolen the domain and canresell it. As soon as they start the transfer then they’ve attempted to steal the domain name, and when it is moved then it is regarded as stolen. They can keep the exact same name servers so that it points to your website, and therefore you don’t detect that it is stolen.
Digital thieves understand that domain name Names are valuable, as they’re digital assets that may be sold for tens of thousands, thousands, hundreds of thousands, as well as millions of dollars. Regrettably, domain crimes generally go un-prosecuted. In many cases, the domain thieves aren’t located in precisely theexact same state as the sufferer. They all have exactly the exact same thing in common: they wish to benefit monetarily from slipping the domain name. Here’s a coupledomain crimes that I’ve found recently:
A company’saccount at a domain registrar was hacked (using social technology). The business was involved in cryptocurrency, so gaining access to this domain name allowed for the hackers to get the company’s crypto exchange.
The domain thief posed as a domain buyer, telling the domain owner they wanted to buy their domain for a few thousand dollars. The buyer and seller agreed to a cost, the thief told them they could pay them through cryptocurrency. The seller moved the domain name once they were given details of this cryptocurrency transaction. When the seller attempted to access the cryptocurrency and”cash in”, it was invalid. They were scammed, and dropped the domain name.
A domain name owner that has a portfolio of valuabledomain names gets their account hacked at a domain registrar. The owner doesn’t realize this, and the domains are transferred to another registrar in another country. The gaining registrar is stubborn (or in on the theft), and won’t return the domains.
A domain name owner has his or her account hacked at the domain registrar and domains are moved out to another registrar. They then sell the domains to somebody else, and the domains are moved again to another registrar. This occurs several times, with various registrars. Those who bought the domain names do not know they are stolen, and they lose any investment they made in the domains. At times it’s difficult to unravel cases similar to this, since there are several owners and registrars involved.
All Of these occurred in the previous two to three weeks. In the case of this domain name purchase scam, the vendor must have employed a domain escrow service, there are several reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that handles domain name sales.
So how can you minimize the risk of your domain getting stolen?
Move your domain name to a protected registrar.
Log in to your registrar account on a regular basis.
Setup registry (transfer lock) on your domain name.
Check WHOIS data regularly.
Renew the domain name for many years or”eternally”.
Take advantage of other security features at your own Password.
Shield your domain with a domain name guarantee.
Consider Moving your domain to a protected domain name registrar. You will findregistrars that haven’t kept up with common safety practices, such as letting you set up 2-Factor Authentication on your account, Registrar Lock (that halts domain transfers), as well as preparing a PIN number on your account for customer service interactions.
Log Into your domain registrar’s account on a regular basis. I can’treally say how often you want to do this, but you ought to do it on a regular schedule. Log in, be sure you have the domain name(s) in your account, be sure they are on auto-renew, and nothing appears out of the normal. This less-than-5-minute task could literally save your domain from being stolen.
Establish Registrar Lock or”transfer lock” on your domain name. Some It is a setting that makes certain the domain cannot be moved to another registrar without needing it turned off. Some go as far as maintaining it”on” unless they get verbal confirmation that it needs to be transferred.
Assess The WHOIS data on the domain name. Test it publicly on a public WHOIS, like at ICANN’s WHOIS, WhoQ, or at your registrar.
I recommend at least 5 Decades For valuable domains (or ones you don’t wish to shed). It’s possible to get a “eternally” domain registration at Epik.com.
Request the registrar if the account access can be restricted based on Request the accounts if the account may be restricted from logging in by a USB Device, like a physical Titan Security Crucial, or a Yubikey. If you have Google Advanced Protection allowed on your Google Account, you will have two physical keys to get this Google Account (plus some advanced security in the Google back-end). You’d then have those Advanced Protection keys fromGoogle to protect the domains on Google Domains.
Look at protecting your domain name(s) with a domain name guarantee or service that protects these digital assets, such as DNProtect.com.
It is harder for the fraudsters and thieves to steal domains at those registrars. Some domain name registrars don’thave 24/7 technical support, they can outsource their customer supportagents, and their domain name registrarsoftware is outdated.
Domain Name Thefts Occurring Right Now
As I write this now, I have been informed of at least20 very valuable domains that were stolen from their owners at the previous 60 days. For example, of two cases I personally confirmed, the domain names were stolen from one particular domain registrar, based in the USA. The domains were moved to some other domain registrar in China. Both these companies who have the domains are, in fact, based in the United States. Thus, it is not plausible that they would move their domain names into some Chinese domain name registrar.
In the case of
Both domains, this exact same domain name thief retained the domain name ownership documents intact, and they both reveal the former owners. But in 1 case, part of this domain contact record was changed, along withthe former owner’s speech is present, but the last part of the addressis listed as a Province in China, rather than Florida, in which the businesswhose domain name has been stolen is situated.
What tipped us off to these stolen domain is that both Domains were listed available on a favorite domain name marketplace. However, these are domains in which the overall consensus of this value could be over $100,000 per year, and were listed for 1/10th of the value. Remember the 1 year old $150,000 Porsche listed available on Craigslist for $15,000? It is too good to be true, and probably it’sstolen. The same goes for these domains that are allegedly stolen. The cost gives them away, also, in this scenario, the possession records (the WHOIS records) also reveal evidence of this theft.
It has never Been more important to take responsibility for your digital assets, and Make sure they are with a domain registrar that has accommodated And evolved with the times. A few moments spent wisely, securing your Digital assets, is imperative in times such as these. It can function as Difference between your valuable digital assets and web properties being Safeguarded, or potentially exposed to theft and threat.