Minimizing the Risk of Having Your Domain Name Stolen

Minimizing the Probability of Having Your Domain Name Stolen

Recently, there has been an uptick in the number of domain names That are being stolen. I am not positive whether it’s due to the worldwidepandemic and people are becoming more desperate for cash, or in case domain namethieves are using the changing electronic and techatmosphere. COVID-19 is causing more people to be online and conduct business online. But this also means that many do not fully comprehend how to properly protect their electronic assets, like domain names. This could be why we’re seeing more and more online scams, phishing, and internet theft generally.

Digital Assets

When I think of electronic assets, I think of several distinct types. Then there is online shopping websites’ logins, such as Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment information is stored. Apple Pay and Google Pay are other people, as well as your website hosting account that manages your email (unless you use or, and, finally, your domain . If your domain namegoes missing, then you lose a lot: accessibility to email, as well as your site probably will go down, where you are going to lose visibility, online sales, and clients. Online thieves are hacking sites and anywhere there’s a login, because they’re trying to access your digital assets.

Many People are now utilized to safeguarding our online accounts using a unique, protected password for each login that we’ve got online. An significant part protecting digital assets, and domain names, would be to make sure thatyou have a secure password and two-factor authentication set up for your login in your domain nameregistrar. In many cases, if a thief gains access into an account in a domain nameregistrar, the consequences can be disastrous if you do not have extra protections in place to protect your domain .

Hackers who access a domain nameregistrar’s account can perform a few things that would disrupt your business:

They can point the domain name to another web server, perhapstheir”copy” of your site.
The thief or hacker can push the domain name into their account. They may even keep your samecontact information on the WHOIS record so thatit looks like you still own it–but the domain namemay be moved into their account. When it’s from your account and you no longer control the domain , then they’ve stolen the domain nameand canresell it.
The thief or hacker can move the domain name with that registrar to another registrar. Whenever they begin the transfer then they’ve attempted to steal the domain , and when it’s moved then it’s considered to be stolen. They may keep the same name servers so it stillpoints to your site, and therefore you don’t detect that it’s stolen.

Digital thieves understand that domain name Names are valuable, as they are electronic assets that can be sold for tens of thousands, tens ofthousands, hundreds of tens of thousands and even millions of dollars. Regrettably, domain namecrimes generally go un-prosecuted. In many cases, the domain thieves are not located in precisely thesame country as the sufferer. They all have the same thing in common: they want to gain monetarily from stealing the domain name. Following is a coupledomain namecrimes that I’ve found recently:

A organization’saccount in a domain nameregistrar was hacked (using social engineering). The company was involved in cryptocurrency, therefore gaining access to this domain name allowed for the hackers to get the company’s crypto exchange.
The domain thief posed as a domain namebuyer, telling the domain nameowner they wanted to purchase their domain namefor a few thousand dollars. The buyer and seller agreed to a cost, the thief told them that they could pay them via cryptocurrency. The seller moved the domain name when they were given details of this cryptocurrency transaction. They were scammed, and dropped the domain .
A domain name owner that has a portfolio of domain names gets their account hacked in a domain nameregistrar. The owner does not realize this, and the domain names are transferred to another registrar in a different nation. The gaining registrar is uncooperative (or in on the theft), and won’t return the domain names.
A domain name owner has his or her account hacked in the domain nameregistrar and domain names are moved out to a different registrar. Then they sell the domain names to someone else, and the domain names are moved again to a different registrar. This occurs several times, with various registrars. Those who purchased the domain names do not know they are stolen, and they shed any investment that they made in the domain names. Sometimes it’s hard to unravel cases like this, since there are numerous owners and registrars involved.

All Of these occurred in the past two to three weeks. In the case of this domain name purchase scam, the seller should have employed a domain nameescrow assistance, there are numerous reputable escrow services, such as’s Domain Escrow Services, as well as that manages domain name sales.

So just how do you minimize the danger of your domain namegetting stolen?

Transfer your domain to a protected registrar.
Set up registry lock(transfer lock) on your domain.
Assess WHOIS information regularly.
Renew the domain for several years or”forever”.
Use other security features at your own Password.
Protect your domain using a domain name warranty.

Consider Moving your domain nameto a protected domain name registrar. There areregistrars that have not kept up with common safety practices, such as allowing you to install 2-Factor Authentication on your account, Registrar Lock (that halts domain nametransfers), and even preparing a PIN number on your account for customer support interactions.

Log Into your domain nameregistrar’s account on a regular basis. I can notreally say how often you need to do this, but you ought to do it on a normal schedule. Log in, make sure to stillhave the domain name(s) in your account, make sure they are on auto-renew, and nothing appears out of the normal.

Establish Registrar Lock or”transfer lock” on your domain . Some Registrars call it”Executive Lock” or something similar. It’s a setting that makes certain thatthe domain namecannot be moved to another registrar without having it turned off.

Assess The WHOIS information on the domain . Test it publicly on a public WHOIS, such as in ICANN’s WHOIS, WhoQ, or even in your registrar. If the domain nameis using WHOIS Privacy, send an email to the obfuscated email address to make sure youget the email.

Renew your domain name for several years. For valuable domain names (or ones thatyou don’t want to shed). It’s possible to find a “forever” domain nameregistration in

Request the registrar in the event the account access can be limited based on The IP address of the person logging in to the account. Request the accounts if the account can be restricted from logging in by a USB Device, such as a physical Titan Security Crucial, or even a Yubikey. If you have Google Advanced Protection enabled on your Google Account, you may have two physical keys to get this Google Account (plus some advanced security in the Google back-end). You’d then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.

Look at protecting your domain (s) using a domain name warranty or support that protects those digital assets, such as

It’s more difficult for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars don’thave 24/7 technical support, they may outsource their customer supportagents, and their domain software is outdated.

As I write this today, I have been informed of 20 very valuable domain names that were stolen from their owners at the last 60 days. For example, of two cases I personally confirmed, the domain names were stolen from one specific domain nameregistrar, based in the united states. The domain names were moved to some other domain nameregistrar in China. Both ofthese companies who own the domain names are, in actuality, based in the USA. So, it’s not plausible that they’d move their domain names into a Chinese domain name registrar.

In the case of
Both domain names, the same domain name thief kept the domain name ownership records whole, and they both show the former owners. But in one case, part of this domain namecontact record was altered, andthe former owner’s address is current, however, the final part of the addressis listed as a Province in China, rather than Florida, where the businesswhose domain name was stolen is located.

What tipped us off to those stolen domain is that both Domains names were listed for sale on a favorite domain name market. However, these are domain names where the general consensus of this value would be over $100,000 per year, and were listed for 1/10th of their value. It’s too good to be true, and probably it isstolen. The same is true for all these domain names that are supposedly stolen. The cost provides them away, and, in this case, the possession records (the WHOIS records) also show evidence of this theft.

It’s never Been more important to take responsibility for your electronic assets, and Make sure thatthey are using a domain nameregistrar that has accommodated And evolved with the times. A few minutes spent sensibly, securing your Digital assets, is imperative in times like these. It can be the Difference between your precious digital assets and web properties being Safeguarded, or potentially exposed to theft and risk.

Leave a Reply