Owner Information: Domain Hijacking!

You may think that once you register a domain name, it’s yours, end of story. But like other kinds of valuable property, a domain name can be stolen, or “hijacked.” Here is the lowdown on domain hijacking, and how owners can help keep their domains secure.

Put simply, domain name hijackers rely on identity theft to wrest control of valuable domain names away from their owners by convincing the registrar that they own the domain and want to change the password and access privileges.  They attempt this by hacking into the owner’s email, creating a new, fake email, or simply calling the registrar and claiming to be the owner. It would be analogous to pretending to be the owner of someone else’s house and asking a locksmith to change the locks and give you the new keys.

To make it more difficult for domains to be recovered, once they gain control of a domain hijackers typically transfer the domain registration to a different host, preventing the original registrar from being able to correct their mistake and making it much harder to recover the domain.  To continue the analogy, this is like doing the whole lock change scam with a Winnebago and then immediately driving it away.

To make hijacking more difficult, ICANN (the TSA of the internet) requires a 60-day grace period when changing registrars, which stops the thief from immediately driving away.   Additionally, here are some general rules of thumb for domain owners for further theft prevention.

1) Make sure your contact information that the registrar has is 100% accurate and functional.  Registrars should be able to contact you immediately should they ever need to, (and sometimes free email addresses, like ones from Yahoo, can time out due to inactivity if not regularly used).

2) Make sure that your website is registered to the head of the company it represents.  If an outside contractor or potentially temporary employee of the company registers it, problems are more likely to arise down the road as relationships between employers and contractors, or ex-employees change.

3) Check with your registrar about additional security options they may have.  From separate, additional passwords to requiring that all registrar changes happen in person, there are often various levels of security that your registrar may offer.

4) Consider using a private registration service.  This means that as the owner of a website, your contact information is not listed in the Whois database, so it’s harder to impersonate you.  Beware, though, this also can sometimes make it harder to contact you, the owner, for legitimate reasons, such as to verify ownership of a domain that has been legitimately transferred.

Be safe!

Comments are closed.