Lately, there’s been an uptick in the Amount of domain names Which are being stolen. I am not positive if it’s because of the globaloutbreak and people are getting more desperate for money, or if domain thieves are using their changing digital and technologyenvironment. COVID-19 is inducing more people to be online and conduct business online. But this also means that many don’t fully understand how to properly protect their digital assets, like domains.
While I think of electronic assets, I think of many different kinds. Our electronic assets can consist of access to your bank account on line, access to reports such as cryptocurrency accounts, and payment tradesites like PayPal, Masterbucks, and Venmo. Then there’s online shopping sites’ logins, for example Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment data is stored. Apple Pay and Google Pay are others, as well as your web site hosting account that manages your email (if you don’t utilize Gmail.com or Outlook.com), and, finally, your domain . If your domain goes missing, then you eliminate a lot: access to email, as well as your site probably will return, where you are going to eliminate visibility, online sales, and customers. Online thieves are hacking websites and anywhere there is a login, since they’re trying to get to your digital assets.
Many of us are now used to safeguarding our online accounts by utilizing a Unique, secure password for every login that we’ve got online. An important part of protecting digital assets, and domains, would be to make surethatyou get a safe password and two-factor authentication setup to your login at your domain registrar. Oftentimes, if a thief gains access to an account at a domain registrar, the consequences can be catastrophic if you don’t have extra protections in place to protect your domain .
Hackers who access a domain registrar’s account can do a few things that would disrupt your company:
They can point the domain name to another web server, possibly their”copy” of your site. You would think it’s the copy, however, the copy could contain malicious code.I’ve even seen them direct online sales from a copy of your site to them so they profit monetarily from it via identity theft or diverting funds. They might even keep your contact information about the WHOIS record so thatit looks like you still own it–but the domain may be moved into their account. If it’s from your account and you no longer control the domain , then they’ve stolen the domain and canresell it. As soon as they begin the transfer then they’vetried to steal the domain , and as soon as it is moved then it is considered to be stolen. They may keep the exact same name servers so it points to your site, so you don’t notice that it is stolen.
Digital thieves know that domains are valuable, since they’re Digital assets that can be sold for tens of thousands, tens ofthousands, hundreds of thousands, and even millions of dollars. Regrettably, domain crimes generally go un-prosecuted. Oftentimes, the domain thieves aren’t found in the exact same state as the victim. They allhave the exact same thing in common: they want to gain monetarily from slipping the domain name. Following is a few domain crimes that I’ve found recently:
A organization’s account at a domain registrar was hacked (using social engineering).
The domain thief introduced as a domain buyer, telling the domain owner they wanted to buy their domain for a few thousand dollars. The buyer and seller agreed to a price, the thief told them they could pay them through cryptocurrency. The seller moved the domain name once they were given details of this cryptocurrency trade. They were scammed, and dropped the domain .
A domain name owner that has a portfolio of domain names gets their account hacked at a domain registrar. The owner doesn’tcomprehend this, and the domains are transferred to another registrar in another nation. The gaining registrar is stubborn (or in about the theft), and will not return the domains.
A domain name owner has his or her account hacked at the domain registrar and domains are moved out to another registrar. Then they sell the domains to somebody else, and the domainsare moved again to another registrar. This occurs several times, with different registrars. Those who bought the domain names don’t know they are stolen, and they lose any investment they made in the domains. At times it’s difficult to unravel cases like this, asthere are several owners and registrars involved.
All ofthese happened in the past two to three months. And are only In the case of the domain sale scam, the vendor must have employed a domain escrow assistance, there are several reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that manages domain name sales.
Just just how can you minimize the risk of your domain getting stolen?
Move your domain name to a secure registrar.
Log into your registrar account on a regular basis.
Setup registry (transfer lock) in your domain name.
Assess WHOIS data frequently.
Renew the domain name for many years or”eternally”.
Take advantage of additional security features at your own Password.
Shield your domain with a domain name guarantee.
Consider moving your domain to a secure domain name registrar. There are registrars that haven’t kept up with common securitypractices, such as letting you install 2-Factor Authentication inyour account, Registrar Lock (which halts domain transfers), and even preparing a PIN number in your account for customer serviceinteractions.
Log into your domain registrar’s account on a regular basis. I Can’t actually say how often you need to do this, but you should get it done on a regular schedule. Log in, be sure you have the domain name(s) in your account, make sure they are on auto-renew, and nothing appears out of the normal.
Set up Registrar Lock or”transport lock” in your domain . Some Registrars call it”Executive Lock” or something similar. It’s a setting that makes certain thatthe domain cannot be moved to another registrar without having it turned off. Some go so far as keeping it”on” unless they get verbal confirmation that it needs to be transferred.
Check the WHOIS data on the domain . Test it publicly on a Public WHOIS, such as at ICANN’s WHOIS, WhoQ, or at your registrar. Make certain it’s right, even the email addresses. If the domain is using WHOIS Privacy, send an email to the obfuscated email address to make sure you make the email.
Renew your domain name for many decades. Years for valuable domains (or ones thatyou don’t want to lose). You can get a “eternally” domain registration at Epik.com.
Ask the registrar in the event the account access can be restricted based on Ask the accounts if the account can be restricted from logging in by a USB Device, such as a bodily Titan Security Crucial, or even a Yubikey. If you have Google Advanced Protection allowed in your Google Account, you will have two physical keys to access this Google Account (plus some innovative security in the Google back-end). You would then have those Advanced Protection keys fromGoogle to protect the domains on Google Domains.
Look at protecting your domain (s) with a domain name guarantee or support that protects these digital assets, such as DNProtect.com.
Some domain name registrars, especially those who take domain Security very seriously, have updated their systems”behind the scenes” so to speak. It’s harder for the fraudsters and thieves to steal domains at these registrars. Some domain name registrars do nothave 24/7 technical assistance, they may outsource their customer serviceagents, and their domain name registrarsoftware is outdated.
As I write this now, I have been informed of 20 very Valuable domains that were stolen from their owners in the previous 60 days. As an example, of 2 cases I personally confirmed, the domain names were stolen from one particular domain registrar, based in the united states. The domains were moved to another domain registrar in China. Both ofthese companies who own the domains are, in fact, based in the United States. So, it is not logical that they’dtransfer their domain names to some Chinese domain name registrar.
In the case of the domains, this same domain thief kept The domain ownership records intact, and they bothshow the formerowners. However, in 1 case, part of this domain contact record was altered, and the former owner’s address is present, but the last portionof the address is recorded as a Province in China, and not Florida, in whichthe business whose domain name was stolen is located.
What tipped us off to these stolen domain casesis the factthat both Domains names were listed for sale on a popular domain name market. But, these are domains where the general consensus of this value would be over $100,000 per year, and were recorded for 1/10th of the value. Bear in mind the 1 year old $150,000 Porsche listed for sale on Craigslist for $15,000? It’s too good to be true, and probably it isstolen. The same goes for all these domains that are supposedly stolen. The price gives them away, and, in this scenario, the ownership records (the WHOIS documents) also reveal evidence of this theft.
It’s not been more important to take responsibility for your Digital resources, and make sure thatthey are with a domain registrar That’s adapted and evolved with the times. A Couple of moments spent Wisely, securing your electronic assets, is imperative in times like these. It can be the difference between your valuable digital assets and internet Properties being safeguarded, or possibly subjected to theft and risk.