Home / Blogs

Help! My Domain Name Has Been Hijacked!

Brett Lewis

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names.

What is Domain Name Hijacking? Domain name hijacking is the terminology commonly used to describe the wrongful taking of a domain name from its rightful owner, by deception or fraud. Some common forms of domain hijacking include:

  • impersonation of a registrant in communications with a registrar (sometimes called "social engineering")
  • registering a lapsed registrant email address to reset a password and authorize a transfer of registrar or registrant
  • registering a lapsed domain name, used for an administrative contact or registrant email address, and then spoofing the email address
  • hacking or spyware
  • forgery of transfer authorizations or other account verification information
  • theft by a disgruntled company employee or business partner
  • adding new verification information to an account, and later confirming the falsely added verification information to gain access to the account
  • hijacking an email server to spoof email to make it look like it came from a registrant

Why They do It - Some hijackers do it for the money. Domain names are often valuable, either for their value to an existing business, for resale, or for the click-through traffic that they might bring. Some do it for the challenge or the notoriety. It is not uncommon for a hijacker to breach an account and assume control of the domain names in the account, yet not sell them. Some might do it purely to be malicious. What matters most is that these people are out there, they are persistent, and they have no qualms at all about taking your valuable assets away from you.

Once stolen, it can be difficult to recover a domain name. Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties, even if they have not. By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party, who claims to have purchased the domain for value. At that point, you may need help unraveling the mess - but what if your domain name is not worth enough to justify hiring an attorney? What if the registrar still won't listen? You may have to try to track down the thief, and sue him or her to recover your name, or you may have to sue the third party who purchased the domain name from the thief. These are both costly propositions, and while you pursue legal action, your online business is quietly being dismantled and monetized by the thief or the new "owner" of the domain.

Prevention - When confronted with the issue of domain hijacking, the best practice is to prevent a hijacking from ever occurring. The hijackers are aware of certain vulnerabilities in the domain name registration system, and they exploit these weaknesses. You can reduce the likelihood that any of your domain names will ever be hijacked by following some simple rules:

  • Always maintain accurate contact information with your registrar or services provider - In the event of a theft, if the Whois information for a domain is inaccurate, it will be difficult for a registrar or service provider to determine who the rightful registrant of the domain name should be. Don't make things more difficult for yourself by providing phony contact information.
  • Register Your Domains with a Reputable Registrar - There are literally hundreds of registrars to choose from and thousands upon thousands of resellers. Complaints about lack of service and responsiveness at shady service providers abound. If your domain name is hijacked from one of these providers, you may have a difficult time getting anyone to listen. Domain name resellers are not under contract with ICANN and are not directly obligated to follow the same transfer confirmation processes that ICANN requires of registrars. Many do, but there is a greater risk that a reseller will not follow best practices, making it more likely that your domain name can be hijacked. Also look for a registrar that sends a transfer confirmation email prior to transferring a domain name.
  • Never Allow your Listed Email Address to Expire - Your email address is the key to unlocking your domain names. Your listed registrant or administrative contact email address can be used at many registrars to reset the controlling user name and password for your account. In addition, under ICANN's Transfer Policy, a gaining registrar usually obtains the required transfer confirmation through electronic mail, sent to the registrant or administrative contact email address on file for the domain name. If you allow your email address to expire, a hijacker will steal your domain name, provided it's worth stealing.
  • Keep User Names and Passwords Secure - Do not share these with anyone, unless they have an absolute need to know.
  • Use a Whois Privacy Service - If your contact information, including your email address, is private, it will be harder to spoof.
  • Lock Your Domains - This is self-explanatory. Many registrars offer a "locking" service, and will not allow a transfer of a locked domain.
  • Monitor Your Portfolio - Routinely monitor your portfolio for any unauthorized changes. The sooner that a hijacking is discovered, the better chance that you have of recovering your domains. This can also be done through an automated script.

If you follow these steps, you will greatly reduce the likelihood that your domain names will be stolen, or, if stolen, that you will be able to recover them quickly. It also helps to have a contingency plan in-hand, know the phone numbers that you will have to call in an emergency, and keep up to date records showing that you are the master of your domains.

By Brett Lewis, Internet Attorney

Related topics: DNS, Domain Names, ICANN, Privacy, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News


Industry Updates – Sponsored Posts

Radix's .ONLINE Fastest to Sell 100,000 Domains

.PRO Domains Now Available to All

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Protect Your Privacy - Opt Out of Public DNS Data Collection

Measuring DNS Performance for the User Experience

LogicBoxes Announces Pioneer Registrar Program

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

City of Miami 3rd in U.S. to Launch Dedicated TLD

Internet Grows to 296 Million Domain Names in Q2 2015

Dyn Comments on ICG Proposal for IANA Transition

.Online Becomes the Fastest TLD to Sell 50,000 Domains

.ONLINE GA Launches with 28,000 Registrations in the First 30 Minutes

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Influential Law Firms Have Become Early Adopters of '.law' TLD

40+ Pioneers Signed on for .TECH, as it Enters EAP Today‚Ä®

WeddingWire Joins Minds + Machines As New TLD '.Wedding' Pioneer

LogicBoxes Introduces DomainBridge

Independent Review Panel Favored DotConnectAfrica Trust Against ICANN Ruling Over .Africa Domain

Carlsberg Group Joins Minds + Machines Pioneer Program

Sponsored Topics