Recently, there’s been an uptick in the Amount of domains That are being stolen. I am not sure whether it’s due to the globalpandemic and individuals are getting more desperate for cash, or in case domain namethieves are taking advantage of the changing electronic and techatmosphere. COVID-19 is causing more of us to be online and conduct business online. But that also means that many do not fully understand how to properly protect their electronic assets, like domains. This could be why we are seeing more and more online scams, phishing, and online theft generally.
When I think of electronic assets, I think of many different types. Our electronic assets may consist of access to your bank account on line, access to reports such as cryptocurrency accounts, and payment transaction sites like PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, such as Amazon, Walmart, Target, and eBay, where most probably you have an account where your payment information is stored. Apple Purchase and Google Pay would be other people, in addition to your website hosting account that manages your email (if you don’t utilize Gmail.com or Outlook.com), and, ultimately, your domain . If your domain namegoes missing, then you eliminate a lot: accessibility to email, in addition to your website probably will return, where you’ll eliminate visibility, online sales, and customers. Online thieves are hacking sites and anywhere there’s a login, because they’re trying to get to your digital assets.
Many People are now used to protecting our online accounts using a unique, secure password for every login that we’ve got online. An significant part protecting digital assets, and domains, would be to make sure thatyou have a secure password and two-factor authentication setup to your login at your domain nameregistrar. In many cases, if a thief gains access into an account at a domain nameregistrar, the consequences can be catastrophic if you do not have extra protections in place to safeguard your domain .
Hackers who access a domain nameregistrar’s account may do several things that would interrupt your business:
They may even keep your samecontact info about the WHOIS record so thatit seems like you still own it–but the domain namemay be moved in their account. If it’s out of your account and you no longer command the domain , then they have stolen the domain nameand mayresell it.
The thief or hacker could transfer the domain name from that registrar to another registrar. As soon as they begin the transfer then they have attempted to steal the domain , and as soon as it is moved then it is regarded as stolen. They can keep the same name servers so it points to your website, so you don’t notice that it is stolen.
Digital thieves know that domain name Titles are valuable, as they are electronic assets that may be sold for tens of thousands, thousands, hundreds of tens of thousands as well as millions of dollars. Unfortunately, domain namecrimes typically go un-prosecuted. In many cases, the domain thieves are not found in thesame state as the sufferer. They all have the same thing in common: they wish to benefit monetarily from slipping the domain name. Following is a fewdomain namecrimes that I’ve seen lately:
A organization’saccount at a domain nameregistrar was hacked (using social engineering). The company was involved in cryptocurrency, so gaining access to the domain name enabled for the hackers to access the company’s crypto exchange.
The domain thief posed as a domain namebuyer, telling the domain nameowner they wanted to purchase their domain namefor several thousand dollars. The buyer and seller agreed to a price, the thief told them they could pay them via cryptocurrency. The seller moved the domain name once they had been given details of the cryptocurrency transaction. After the seller attempted to access the cryptocurrency and”cash in”, it was invalid. They had been scammed, and dropped the domain .
A domain name owner who has a portfolio of domain names gets their account hacked at a domain nameregistrar. The owner doesn’t realize this, and the domains are transferred to another registrar in another nation. The gaining registrar is uncooperative (or in about the theft), and will not return the domains.
A domain name owner has his or her account hacked at the domain nameregistrar and domains are moved out to another registrar. Then they sell the domains to someone else, and the domains are moved yetagain to another registrar. This occurs several times, with different registrars. People who purchased the domain names do not know they are stolen, and they shed any investment they made in the domains. At times it’s hard to unravel cases like this, since there are numerous owners and registrars involved.
All Of these happened in the past two to three months. In the case of the domain name purchase scam, the seller must have used a domain nameescrow service, there are numerous reputable escrow services, including Epik.com’s Domain Escrow Services, in addition to Escrow.com that manages domain name sales.
Just how do you minimize the risk of your domain namegetting stolen?
Transfer your domain name to a secure registrar.
Set up registry (transfer lock) in your domain name.
Assess WHOIS data regularly.
Renew the domain name for many years or”forever”.
Take advantage of additional security features at your own Password.
Protect your domain using a domain name warranty.
Consider Moving your domain nameto a secure domain name registrar. There areregistrars that have not kept up with common safety practices, like letting you set up 2-Factor Authentication in your account, Registrar Lock (that halts domain nametransfers), as well as preparing a PIN number in your account for customer service interactions.
Log Into your domain nameregistrar’s account on a regular basis. I can notreally say how frequently you want to get this done, but you should do it on a normal schedule. Log in, make sure you have the domain name(s) on your account, make sure they are on auto-renew, and nothing looks out of the ordinary. This less-than-5-minute task could literally save your domain namefrom being stolen.
Establish Registrar Lock or”transfer lock” in your domain . Some Registrars call it”Executive Lock” or something similar. It’s a setting that makes certain thatthe domain namecannot be moved into another account without needing it turned off. Some go so far as keeping it”on” unless they get verbal confirmation that it needs to be transferred.
Check The WHOIS data on the domain . Check it publicly on a public WHOIS, such as at ICANN’s WHOIS, WhoQ, or at your registrar. Make certain it’s correct, even the email addresses.
For valuable domains (or ones thatyou don’t wish to shed). You can get a “forever” domain nameregistration at Epik.com.
Request the registrar in the event the account access can be restricted based on The IP address of the person logging into the account. Request the accounts if the account may be restricted from logging in by a USB Device, such as a bodily Titan Security Crucial, or a Yubikey. If you have Google Advanced Protection enabled in your Google Account, you may have two physical keys to access that Google Account (and a few advanced security in the Google backend). You’d then have those Advanced Protection keys out ofGoogle to protect the domains on Google Domains.
Consider protecting your domain (s) using a domain name warranty or service that protects these digital assets, including DNProtect.com.
Some domain name registrars, especially those who take domain name Security really seriously, have upgraded their systems”behind the scenes” so to speak. It’s harder for the fraudsters and thieves to steal domains at these registrars. Some domain name registrars do nothave 24/7 technical assistance, they can outsource their customer supportrepresentatives, and their domain name registrarsoftware is outdated.
Domain Name Thefts Occurring Right Now
As I write this now, I have been informed of at least20 very valuable domains that were stolen from their owners in the previous 60 days. For example, of 2 cases I personally affirmed, the domain names were stolen from one particular domain nameregistrar, based in the united states. The domains were moved to another domain nameregistrar in China. Both these companies who own the domains are, in fact, based on the United States. Thus, it is not logical that they would transfer their domain names into a Chinese domain name registrar.
In the case of
Both domains, this same domain name thief kept the domain name ownership records intact, and they both reveal the former owners. However, in one case, part of the domain namecontact record was changed, andthe prior owner’s address is present, but the last portion of the addressis listed as a Province in China, and not Florida, where the businesswhose domain name has been stolen is located.
What tipped us off to these stolen domain is that both Domains were listed for sale on a favorite domain name market. But, these are domains where the overall consensus of the value would be over $100,000 per year, and were listed for 1/10th of their value. Bear in mind the 1 year old $150,000 Porsche listed for sale on Craigslist for $15,000? It’s too good to be true, and probably it’sstolen. The same goes for all these domains that are supposedly stolen. The price gives them away, and, in this case, the ownership records (that the WHOIS records) also reveal evidence of the theft.
It’s never Been important to take responsibility for your electronic assets, and Ensure thatthey are using a domain nameregistrar that has adapted And developed with the times. A few moments spent sensibly, securing your Digital assets, is critical in times like these. It can be the Difference between your valuable digital assets and web properties being Safeguarded, or possibly subjected to theft and risk.