Recently, there has been an uptick in the Amount of domain names That are being stolen. I am not positive if it’s because of the globalpandemic and individuals are getting more desperate for money, or if domain namethieves are using the shifting digital and techenvironment. COVID-19 is inducing more of us to become online and conduct business online. But this also means that many don’t fully understand how to properly protect their digital assets, like domain names.
When I think of digital assets, I think of several distinct types. Then there’s online shopping sites’ logins, for example Amazon, Walmart, Target, and eBay, in which most probably you have an account where your payment information is stored. Apple Purchase and Google Pay are others, as well as your website hosting account which manages your email (unless you utilize Gmail.com or Outlook.com), and, ultimately, your domain name. If your domain namegoes missing, then you lose a lot: access to email, as well as your site probably will go down, where you’ll lose visibility, online sales, and clients. Online thieves are hacking sites and anywhere there’s a login, since they’re attempting to access your digital assets.
Protecting Online Accounts
Many Of us are now utilized to protecting our online accounts using a unique, protected password for every login that we’ve got online. An important part of protecting digital assets, and domain names, is to make sure you get a safe password and two-factor authentication setup for your login at your domain nameregistrar. In many cases, if a burglar gains access into an account at a domain nameregistrar, the consequences can be catastrophic if you don’t have additional protections in place to protect your domain name.
Hackers who gain access to your domain nameregistrar’s account can do several things that would disrupt your company:
They could point the domain name to another web server, perhapstheir”copy” of your site. You’d think that it’s the copy, however, the copy may contain malicious code.I’ve even seen them direct online sales from a copy of your site to them so they profit monetarily from it via identity theft or diverting funds.
The thief or hacker could push the domain name in their account. They may even keep your contact information about the WHOIS record so it seems like you still own it–but the domain namemay be transferred in their account. If it’s out of your account and you no longer control the domain name, then they have stolen the domain nameand canresell it. Whenever they start the transfer then they have tried to steal the domain name, and as soon as it is moved then it is considered to be stolen. They can keep the same name servers so it stillpoints to your site, so you don’t notice that it is stolen.
Digital thieves know that domain Titles are valuable, as they’re digital assets which can be sold for thousands, tens ofthousands, hundreds of tens of thousands and even millions of dollars. Unfortunately, domain namecrimes typically go un-prosecuted. In many cases, the domain thieves aren’t located in precisely thesame country as the victim. They all have the same thing in common: they wish to benefit monetarily from slipping the domain name. Following is a coupledomain namecrimes that I’ve found recently:
A organization’saccount at a domain nameregistrar was hacked (using social technology). The company was involved in cryptocurrency, so gaining access to this domain name allowed for the hackers to get the company’s crypto exchange.
The domain burglar posed as a domain namebuyer, telling the domain nameowner they wanted to buy their domain namefor several thousand dollars. The buyer and seller agreed to a cost, the burglar told them they could pay them via cryptocurrency. The seller moved the domain name once they had been given details of this cryptocurrency transaction. When the seller tried to access the cryptocurrency and”cash in”, it was invalid. They had been scammed, and lost the domain name.
A domain name owner who has a portfolio of domain names gets their account hacked at a domain nameregistrar. The owner doesn’t realize this, and the domain names are transferred to another registrar in another nation. The gaining registrar is stubborn (or in about the theft), and will not return the domain names.
A domain name owner has her or his account hacked at the domain nameregistrar and domain names are moved out to another registrar. They then sell the domain names to somebody else, and the domain names are moved yetagain to another registrar. This occurs several times, with different registrars. People who bought the domain names don’t know they are stolen, and they lose any investment they made in the domain names. At times it’s difficult to unravel cases similar to this, as there are numerous owners and registrars involved.
All Of these happened in the previous two to three weeks. And so are justexamples of where the domain name owner might have done something to stop the domain name theft. In the instance of this domain name sale scam, the seller must have employed a domain nameescrow service, there are numerous reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that manages domain name sales.
Just how do you minimize the risk of your domain namegetting stolen?
Transfer your domain name to a protected accounts.
Setup registry lock(transfer lock) on your domain name.
Assess WHOIS information regularly.
Renew the domain name for several years or”eternally”.
Use other security attributes at your own Password.
Protect your domain with a domain name warranty.
Consider Transferring your domain nameto a protected domain name registrar. There areregistrars that have not kept up with common security practices, like letting you set up 2-Factor Authentication on your account, Registrar Lock (which halts domain nametransfers), and even preparing a PIN number on your account for customer service interactions.
Log Into your domain nameregistrar’s account on a regular basis. I can’treally say how frequently you need to do this, but you ought to get it done on a normal schedule. Log in, be sure you stillhave the domain name(s) on your account, be sure they are on auto-renew, and nothing looks out of the normal.
Establish Registrar Lock or”transport lock” on your domain name. Some It is a setting which makes certain the domain namecannot be moved to another registrar without needing it turned off. Some go as far as maintaining it”on” unless they get verbal confirmation which it should be transferred.
Check The WHOIS information on the domain name. Test it openly on a public WHOIS, like at ICANN’s WHOIS, WhoQ, or even at your registrar.
Renew your domain name for several decades. For valuable domain names (or ones you don’t want to shed). You can get a “eternally” domain nameregistration at Epik.com.
Ask the accounts in the event the account access can be restricted based on Ask the registrar if the account can be restricted from logging in by a USB Device, like a physical Titan Security Key, or even a Yubikey. If you have Google Advanced Protection allowed on your Google Account, you will have two physical keys to get this Google Account (and a few advanced security in the Google back-end). You’d then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.
Look at protecting your domain name(s) with a domain name warranty or service which protects those digital assets, such as DNProtect.com.
Some domain name registrars, especially those who take domain name It is more difficult for the fraudsters and thieves to steal domain names at these registrars. Some domain name registrars don’thave 24/7 technical assistance, they can outsource their customer supportagents, and their domain name registrarsoftware is obsolete.
Domain Name Thefts Occurring at This Time
As I write this now, I have been advised of at least20 very valuable domain names which were stolen by their owners at the previous 60 days. As an example, of two cases I personally affirmed, the domain names were stolen out of one particular domain nameregistrar, based in the USA. The domain names were moved to some other domain nameregistrar in China. Both ofthese companies who own the domain names are, in actuality, based on the United States. Thus, it is not logical that they’d transfer their domain names into a Chinese domain name registrar.
In the case of
Both domain names, the same domain name thief retained the domain name ownership records whole, and they both show the former owners. However, in 1 instance, part of this domain namecontact record was changed, andthe former owner’s address is present, however, the last portion of the speechis recorded as a Province in China, rather than Florida, in which the businesswhose domain name has been stolen is located.
What tipped us off to those stolen domain is that both Domains names were listed for sale on a popular domain name market. But, these are domain names in which the overall consensus of this value could be over $100,000 per year, and were recorded for 1/10th of their value. Bear in mind the 1 year old $150,000 Porsche listed for sale on Craigslist for $15,000? It is too good to be true, and probably it isstolen. The same goes for all these domain names which are allegedly stolen. The cost gives them away, also, in this case, the possession records (the WHOIS documents) also show evidence of this theft.
It has never Been important to take responsibility for your digital assets, and Make sure they are with a domain nameregistrar that has adapted And developed with the times. A few moments spent sensibly, securing your Digital resources, is critical in times like these. It can be the Difference between your valuable digital assets and internet properties being Safeguarded, or potentially exposed to theft and risk.