Information Highwaymen and Your Domain

You go to work every day at the store you own, and one morning, your key to the door doesn’t work. You look in the window, and the display items have changed. A stranger is behind the counter. But when you call the police, they can’t do anything because the company papers now indicate that the store belongs to the stranger.

The above scenario isn’t likely to happen with a bricks-and-mortar store. Because of insecurities in the domain registration system, however, information highwaymen could take over your online business.

As with identity theft, domain thieves steal your identity — the identity used to register and configure your domain name. After that, your website, your email, your online business, and possibly your reputation are theirs.

Domain names at risk of theft

While theft is a risk with all domain names, domains most at risk are more valuable ones. Domains with dot com extensions have a higher resale value than domains with other extensions, and domains with high traffic or valuable keywords are also more likely to be targets.

The motive behind domain hijacking is usually monetary, but it may be personal. If anyone wants to attack you, stealing your domain name is one way to do it.

How domain theft happens

When domain hijackers steal your domain, they gain access to the domain’s Whois records. They can modify the domain’s nameservers so that the domain points to a different server. They can also transfer the domain to a different registrar.

Either way, site visitors will find themselves at the website of the domain hijacker instead of at your site. All domain email will go to or through the other server instead of to you. All you’ll have left is a website without public access because your domain isn’t pointing to it any more.

How can this happen?

Domain hijacking methods
– Domain hijackers send forged faxes to the domain registrar, impersonating the registrants.
– Domain hijackers hack into the accounts of free email addresses listed in Whois records and use those addresses to obtain domain account information.
– Domain hijackers send out fraudulent email renewal notices, and registrants unknowingly transfer their domains to the thieves.

Registrar non-action

– The gaining registrar (the registrar that the domain is transferred to) doesn’t obtain approval from the domain name registrant or administrative contact as required by ICANN Inter-Registrar Transfer Policy.
– The losing registrar (that the domain is transferred from) doesn’t notify the registrant of the transfer during the five-day pending transfer period. During this period, the registrant can cancel or deny approval of the domain transfer — if the registrar notifies the registrant of it.

Registrant carelessness
– The registrant forgets to update Whois details or to renew the account.
– Someone with access to the registrant’s records steals the information.

Domain name disputes

If you discover that your domain has been hijacked, contact your registrar immediately. If your registrar is unable to resolve the situation, the ICANN (Internet Corporation for Assigned Names and Numbers) Transfer Dispute Resolution Policy (TDRP) applies.

By going the above arbitration route, you don’t have to argue your case in person. On the other hand, all you can get back in the process is your domain (and not necessarily that). For a lot more money, you can take your case to court, where you can seek compensation for damages in addition to the return of your domain. This process takes more time, however.

You may be able to proceed both ways – get your domain back via ICANN domain dispute resolution procedures and then go to court to collect damages. You can also appeal a domain arbitrator’s decision in court.

How to protect your domain name

Protecting a domain name is similar to protecting a bricks-and-mortar store from burglary. With a combination of precautions in place, thieves will find it difficult or impossible to gain access.

Your domain account information
– List your name for the administrative contact, and use your full name.
– Create a complex password with letters (both upper case and lower case) and numbers. Don’t use any real words or personal information in it. Make it long. Make it unique – don’t use the same password for anything else. Change it periodically.
– Keep your domain login name, account number, and password in a place where only trusted people can access it.
– Use a valid contact email address that doesn’t use the domain it’s for. Be sure that this email account also has a complex password. If you’re going to be offline for more than a few days, have someone else check the email for this account.
– Don’t use a free email address such as a Hotmail or Yahoo address. Domain hijackers target domains with free email addresses in the Whois records. After they’ve cracked your email account password, the support you need to get your email account back will probably be slow, giving the hijackers plenty of time to take over your domain.
– Update your Whois record whenever the information in it changes.

Your domain account features
– Choose a domain registrar that sends registrants transfer pending notifications when a domain transfer is taking place.
– Consider protecting your Whois details with a registrar that offers a private domain name record. With this feature, your registrar’s data appears with your Whois record rather than your data. The downside of using this feature is that your business may have less credibility because you’re hiding who you are.
– Register your domain for a long time period, and set up calendar reminders to renew it before it expires.
– Set up your domain to be renewed automatically if your registrar offers this feature.
– Use the Registrar-lock mechanism if it’s available through your registrar. When a domain is locked, it cannot be modified or transferred unless the registrant unlocks it or follows the domain transfer process.

Other domain security measures
– Set up a free Whois monitoring alert email service and add your domain to your monitoring list. You will receive email notifications whenever the expiration date, registrar, or status of a monitored domain changes. (Whois does not have data on all domain extensions.)
– Make sure that someone checks your website every few days, preferably daily.

About the author:

Lois S. is a Technical Executive Writer for and with experience in the website hosting industry.

Leave a Reply

Your email address will not be published. Required fields are marked *