Home / Blogs

Help! My Domain Name Has Been Hijacked!

Brett Lewis

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names.

What is Domain Name Hijacking? Domain name hijacking is the terminology commonly used to describe the wrongful taking of a domain name from its rightful owner, by deception or fraud. Some common forms of domain hijacking include:

  • impersonation of a registrant in communications with a registrar (sometimes called "social engineering")
  • registering a lapsed registrant email address to reset a password and authorize a transfer of registrar or registrant
  • registering a lapsed domain name, used for an administrative contact or registrant email address, and then spoofing the email address
  • hacking or spyware
  • forgery of transfer authorizations or other account verification information
  • theft by a disgruntled company employee or business partner
  • adding new verification information to an account, and later confirming the falsely added verification information to gain access to the account
  • hijacking an email server to spoof email to make it look like it came from a registrant

Why They do It - Some hijackers do it for the money. Domain names are often valuable, either for their value to an existing business, for resale, or for the click-through traffic that they might bring. Some do it for the challenge or the notoriety. It is not uncommon for a hijacker to breach an account and assume control of the domain names in the account, yet not sell them. Some might do it purely to be malicious. What matters most is that these people are out there, they are persistent, and they have no qualms at all about taking your valuable assets away from you.

Once stolen, it can be difficult to recover a domain name. Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties, even if they have not. By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party, who claims to have purchased the domain for value. At that point, you may need help unraveling the mess - but what if your domain name is not worth enough to justify hiring an attorney? What if the registrar still won't listen? You may have to try to track down the thief, and sue him or her to recover your name, or you may have to sue the third party who purchased the domain name from the thief. These are both costly propositions, and while you pursue legal action, your online business is quietly being dismantled and monetized by the thief or the new "owner" of the domain.

Prevention - When confronted with the issue of domain hijacking, the best practice is to prevent a hijacking from ever occurring. The hijackers are aware of certain vulnerabilities in the domain name registration system, and they exploit these weaknesses. You can reduce the likelihood that any of your domain names will ever be hijacked by following some simple rules:

  • Always maintain accurate contact information with your registrar or services provider - In the event of a theft, if the Whois information for a domain is inaccurate, it will be difficult for a registrar or service provider to determine who the rightful registrant of the domain name should be. Don't make things more difficult for yourself by providing phony contact information.
  • Register Your Domains with a Reputable Registrar - There are literally hundreds of registrars to choose from and thousands upon thousands of resellers. Complaints about lack of service and responsiveness at shady service providers abound. If your domain name is hijacked from one of these providers, you may have a difficult time getting anyone to listen. Domain name resellers are not under contract with ICANN and are not directly obligated to follow the same transfer confirmation processes that ICANN requires of registrars. Many do, but there is a greater risk that a reseller will not follow best practices, making it more likely that your domain name can be hijacked. Also look for a registrar that sends a transfer confirmation email prior to transferring a domain name.
  • Never Allow your Listed Email Address to Expire - Your email address is the key to unlocking your domain names. Your listed registrant or administrative contact email address can be used at many registrars to reset the controlling user name and password for your account. In addition, under ICANN's Transfer Policy, a gaining registrar usually obtains the required transfer confirmation through electronic mail, sent to the registrant or administrative contact email address on file for the domain name. If you allow your email address to expire, a hijacker will steal your domain name, provided it's worth stealing.
  • Keep User Names and Passwords Secure - Do not share these with anyone, unless they have an absolute need to know.
  • Use a Whois Privacy Service - If your contact information, including your email address, is private, it will be harder to spoof.
  • Lock Your Domains - This is self-explanatory. Many registrars offer a "locking" service, and will not allow a transfer of a locked domain.
  • Monitor Your Portfolio - Routinely monitor your portfolio for any unauthorized changes. The sooner that a hijacking is discovered, the better chance that you have of recovering your domains. This can also be done through an automated script.

If you follow these steps, you will greatly reduce the likelihood that your domain names will be stolen, or, if stolen, that you will be able to recover them quickly. It also helps to have a contingency plan in-hand, know the phone numbers that you will have to call in an emergency, and keep up to date records showing that you are the master of your domains.

By Brett Lewis, Internet Attorney

Related topics: DNS, Domain Names, ICANN, Privacy, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

LogicBoxes Announces Automation Solutions for ccTLD

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Update on Minds + Machines' Top-Level Domain Launches

ICANN Los Angeles Recap Webinar

TLD Registry Appoints First China General Manager, Mr Jin Wang

TLD Registry Opens China Headquarters in "China's Silicon Valley"

.nyc Goes Public to Brand the Big Apple

pink.host: Breast Cancer Awareness by Bluehost

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Infographic: Where in the World Do Chinese People Live?

Auctions Update: MMX Wins .law and .vip

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNS Security

Sponsored by
Afilias