Home / Blogs

Help! My Domain Name Has Been Hijacked!

Brett Lewis

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names.

What is Domain Name Hijacking? Domain name hijacking is the terminology commonly used to describe the wrongful taking of a domain name from its rightful owner, by deception or fraud. Some common forms of domain hijacking include:

  • impersonation of a registrant in communications with a registrar (sometimes called "social engineering")
  • registering a lapsed registrant email address to reset a password and authorize a transfer of registrar or registrant
  • registering a lapsed domain name, used for an administrative contact or registrant email address, and then spoofing the email address
  • hacking or spyware
  • forgery of transfer authorizations or other account verification information
  • theft by a disgruntled company employee or business partner
  • adding new verification information to an account, and later confirming the falsely added verification information to gain access to the account
  • hijacking an email server to spoof email to make it look like it came from a registrant

Why They do It - Some hijackers do it for the money. Domain names are often valuable, either for their value to an existing business, for resale, or for the click-through traffic that they might bring. Some do it for the challenge or the notoriety. It is not uncommon for a hijacker to breach an account and assume control of the domain names in the account, yet not sell them. Some might do it purely to be malicious. What matters most is that these people are out there, they are persistent, and they have no qualms at all about taking your valuable assets away from you.

Once stolen, it can be difficult to recover a domain name. Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties, even if they have not. By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party, who claims to have purchased the domain for value. At that point, you may need help unraveling the mess - but what if your domain name is not worth enough to justify hiring an attorney? What if the registrar still won't listen? You may have to try to track down the thief, and sue him or her to recover your name, or you may have to sue the third party who purchased the domain name from the thief. These are both costly propositions, and while you pursue legal action, your online business is quietly being dismantled and monetized by the thief or the new "owner" of the domain.

Prevention - When confronted with the issue of domain hijacking, the best practice is to prevent a hijacking from ever occurring. The hijackers are aware of certain vulnerabilities in the domain name registration system, and they exploit these weaknesses. You can reduce the likelihood that any of your domain names will ever be hijacked by following some simple rules:

  • Always maintain accurate contact information with your registrar or services provider - In the event of a theft, if the Whois information for a domain is inaccurate, it will be difficult for a registrar or service provider to determine who the rightful registrant of the domain name should be. Don't make things more difficult for yourself by providing phony contact information.
  • Register Your Domains with a Reputable Registrar - There are literally hundreds of registrars to choose from and thousands upon thousands of resellers. Complaints about lack of service and responsiveness at shady service providers abound. If your domain name is hijacked from one of these providers, you may have a difficult time getting anyone to listen. Domain name resellers are not under contract with ICANN and are not directly obligated to follow the same transfer confirmation processes that ICANN requires of registrars. Many do, but there is a greater risk that a reseller will not follow best practices, making it more likely that your domain name can be hijacked. Also look for a registrar that sends a transfer confirmation email prior to transferring a domain name.
  • Never Allow your Listed Email Address to Expire - Your email address is the key to unlocking your domain names. Your listed registrant or administrative contact email address can be used at many registrars to reset the controlling user name and password for your account. In addition, under ICANN's Transfer Policy, a gaining registrar usually obtains the required transfer confirmation through electronic mail, sent to the registrant or administrative contact email address on file for the domain name. If you allow your email address to expire, a hijacker will steal your domain name, provided it's worth stealing.
  • Keep User Names and Passwords Secure - Do not share these with anyone, unless they have an absolute need to know.
  • Use a Whois Privacy Service - If your contact information, including your email address, is private, it will be harder to spoof.
  • Lock Your Domains - This is self-explanatory. Many registrars offer a "locking" service, and will not allow a transfer of a locked domain.
  • Monitor Your Portfolio - Routinely monitor your portfolio for any unauthorized changes. The sooner that a hijacking is discovered, the better chance that you have of recovering your domains. This can also be done through an automated script.

If you follow these steps, you will greatly reduce the likelihood that your domain names will be stolen, or, if stolen, that you will be able to recover them quickly. It also helps to have a contingency plan in-hand, know the phone numbers that you will have to call in an emergency, and keep up to date records showing that you are the master of your domains.

By Brett Lewis, Internet Attorney

Related topics: DNS, Domain Names, ICANN, Privacy, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

General Availability Period for New .RED Top-Level Domain Opens

General Availability Period for New .BLUE Top-Level Domain Opens

General Availability Period for New .PINK Top-Level Domain Opens

New Chinese "Mobile" Top-Level Domain Now Available

New .KIM Domain Goes Live

Welcome .SHIKSHA! General Availability Now Open

Adrian Kinderis Appointed as Chair of Domain Name Association

Internet Reaches 271 Million Domain Names in the Fourth Quarter of 2013

Why We Decided to Stop Offering Free Accounts

The Future of Chinese Domain Names (a Panel Discussion)

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Afilias Chairman Appointed to Domain Name Association Board

.BUILD Enters Landrush with Support of ARI Registry Services

Dyn Acquires Managed DNS Provider Nettica

Radix Awards Contracts for .website, .host, .space, and .press to CentralNic plc

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

Afilias Welcomes "Dot Chinese Online" and "Dot Chinese Website" Top-Level Domains to the Internet

Afilias Joins Internet Technical Leaders in Welcoming IANA Globalization Progress

Sponsored Topics