Recently, there has been an uptick in the number of domain names That are being stolen. I am not sure whether it’s because of the globaloutbreak and people are getting more desperate for money, or in case domain thieves are taking advantage of their changing digital and technologyatmosphere. COVID-19 is inducing more people to be online and conduct business online. But that also means that many don’t fully understand how to properly protect their digital assets, like domain names. This may be why we are seeing more and more online scams, phishing like Google Ads phishing, and online theft in general.
While I think of digital resources, I think of many different kinds. Our digital assets may consist of access to your bank account on line, access to reports like cryptocurrency accounts, and payment transactionsites like PayPal, Masterbucks, and Venmo. Then there is online shopping websites’ logins, such as Amazon, Walmart, Target, and eBay, where most probably you have an account where your payment information is stored. Apple Pay and Google Pay are many others, as well as your web site hosting account that manages your email (unless you use Gmail.com or Outlook.com), and, finally, your domain . In case your domain goes lost, then you lose a lot: access to email, as well as your website most likely will return, where you are going to lose visibility, online sales, and clients. Online thieves are hacking websites and anywhere there is a login, since they’re attempting to access your digital resources.
Protecting Online Accounts
Many of us are now Utilized to safeguarding our online accounts by using a Unique, secure password for every login that we have online. An significant part protecting digital resources, and domain names, would be to make surethatyou get a secure password and two-factor authentication set up for your login in your domain registrar. In many cases, if a thief gains access to an account in a domain registrar, the consequences can be disastrous if you don’t have additional protections in place to safeguard your domain .
Hackers who access your domain registrar’s account may do several things that would disrupt your business:
The thief or hacker could make changes to the DNS records for your domain .
The thief or hacker could push the domain name into their account. They may even keep your samecontact info on the WHOIS record so thatit looks like you still own itbut the domain may be transferred into their account. When it’s from your account and you no longer command the domain , then they have stolen the domain and mayresell it. As soon as they start the transfer then they haveattempted to steal the domain , and when it is moved then it is considered to be stolen. They may keep the exact same name servers so it points to your website, and therefore you don’t notice that it is stolen.
Digital thieves know that domain names are valuable, since they’re Digital assets that may be sold for thousands, tens ofthousands, hundreds of thousands, as well as millions of dollars. Regrettably, domain crimes typically go un-prosecuted. In many cases, the domain thieves aren’t located in the exact same state as the victim. They allhave exactly the exact same thing in common: they wish to benefit monetarily from stealing the domain name. Following is a couple domain crimes that I’ve seen lately:
A organization’s account in a domain registrar was hacked (using social engineering). The business was involved in cryptocurrency, thusgaining access to the domain name allowed for the hackers to access the organization’s crypto exchange.
The domain thief posed as a domain buyer, telling the domain owner they wanted to buy their domain for several thousand dollars. The buyer and seller agreed to a cost, the thief told them that they could pay them via cryptocurrency. The seller moved the domain name when they were given details of the cryptocurrency trade. They were scammed, and lost the domain .
A domain name owner that has a portfolio of valuabledomain names gets their account hacked in a domain registrar. The owner doesn’tcomprehend this, and the domain names are transferred to another registrar in another nation. The gaining registrar is uncooperative (or in on the theft), and won’t return the domain names.
A domain name owner has his or her account hacked in the domain registrar and domain names are moved out to another registrar. They then sell the domain names to someone else, and the domainsare moved again to another registrar. This happens several times, with various registrars. People who bought the domain names don’t know they are stolen, and they lose any investment that they made in the domain names. At times it’s hard to unravel cases like this, asthere are several owners and registrars involved.
All these happened in the past two to three months. And so are only Examples of where the domain name owner could have done something to block the domain name theft. In the instance of the domain sale scam, the seller must have used a domain escrow assistance, there are several reputable escrow services, including Epik.com’s Domain Escrow Services, as well as Escrow.com that manages domain name sales.
Just how can you minimize the risk of your domain getting stolen?
Move your domain name to a secure registrar.
Log in to your registrar account on a regular basis.
Setup registry lock(transfer lock) in your domain name.
Assess WHOIS data frequently.
Renew the domain name for many years or”eternally”.
Take advantage of other security attributes at your registrar.
Shield your domain using a domain name warranty.
Think about moving your domain to a secure domain name registrar. You will find registrars that have not kept up with common securitypractices, like allowing you to install 2-Factor Authentication inyour account, Registrar Lock (that halts domain transfers), as well as setting up a PIN number in your account for customer supportinteractions.
Log in to your domain registrar’s account on a regular basis. I Can’t actually say how frequently you need to do this, but you should get it done on a regular schedule. Log in, make sure to have the domain name(s) on your account, make sure they are on auto-renew, and nothing looks out of the normal.
Set up Registrar Lock or”transfer lock” in your domain . Some Registrars call it”Executive Lock” or something similar. It is a setting that makes sure thatthe domain cannot be moved into another account without needing it turned off. Some go as far as keeping it”on” unless they get verbal confirmation that it should be transferred.
Check the WHOIS data on the domain . Test it openly on a Public WHOIS, like in ICANN’s WHOIS, WhoQ, or in your registrar. In case the domain is using WHOIS Privacy, send an email to the obfuscated email address to make sure to make the email.
Years for valuable domain names (or ones thatyou don’t wish to lose). You can find a “eternally” domain registration in Epik.com.
Ask the registrar in the event the account access can be limited based on The IP address of the person logging in to the account. Ask the registrar if the account may be restricted from logging in by a USB Device, like a physical Titan Security Key, or a Yubikey. In case you have Google Advanced Protection allowed in your Google Account, you will have two physical keys to access that Google Account (plus a few innovative protection in the Google backend). You would then have those Advanced Protection keys fromGoogle to protect the domain names on Google Domains.
Consider protecting your domain (s) using a domain name warranty or support that protects those digital resources, including DNProtect.com.
It is harder for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars do nothave 24/7 technical support, they may outsource their customer supportagents, and their domain name registrarsoftware is obsolete.
As I write this today, I have been advised of 20 very Valuable domain names that were stolen from their owners in the last 60 days. For example, of 2 cases I personally confirmed, the domain names were stolen out of one particular domain registrar, based in the united states. The domain names were moved to some other domain registrar in China. Both these companies who own the domain names are, in fact, based on the USA. So, it is not plausible that they’dtransfer their domain names to some Chinese domain name registrar.
In the case of the domain names, the same domain thief kept The domain name ownership documents intact, and they bothshow the priorowners. But in one instance, part of the domain contact record was altered, along with the former owner’s speech is present, however, the last portionof the speech is listed as a Province in China, and not Florida, in whichthe business whose domain name has been stolen is located.
What tipped us off to those stolen domain casesis the factthat both Domains were listed available on a popular domain name market. But, these are domain names where the overall consensus of the value would be over $100,000 per year, and were listed for 1/10th of their value. Bear in mind the 1 year old $150,000 Porsche listed available on Craigslist for $15,000? It is too good to be true, and most likely it isstolen. The same goes for all these domain names that are supposedly stolen. The purchase price provides them away, and, in this case, the ownership records (that the WHOIS records) also reveal evidence of the theft.
It has never been more important to take responsibility for your Digital resources, and make sure thatthey are using a domain registrar That’s adapted and evolved with the times. A Couple of moments spent Wisely, securing your digital resources, is imperative in times like these. It may be the difference between your valuable digital assets and web Properties being guarded, or possibly subjected to theft and risk.