
Domain Theft: How Cybercriminals Steal Domains and What to Do About It

The article provides an in-depth look at domain theft, a malicious act where a third party gains unauthorized access to your domain. It explains how to recognize if your domain has been stolen, how to recover it, and, most importantly, how to take preventative measures.


Key Takeaways

  • Domain Theft Explained - Domain theft, also known as hijacking, occurs when someone gains unauthorized access to your domain through methods such as DNS hijacking, social engineering, or by exploiting expired domains.
  • Signs of Hijacking - Key indicators include receiving unauthorized transfer emails, changes to your WHOIS record, being locked out of your registrar account, or your website redirecting to a malicious site.
  • Preventative Security - To protect your domain, it is essential to use a reputable registrar, enable security features like domain locks and two-factor authentication, and keep your contact information private with WHOIS protection.
  • Domain Recovery - If your domain is stolen, contact your domain registrar immediately, check the WHOIS record for the new registrant's information, and consider filing a dispute with ICANN or taking legal action.
  • Avoiding Stolen Domains - When buying a domain, research the seller thoroughly, check the domain's history, be cautious of deals that seem too good to be true, and consider using a third-party intermediary, such as Escrow.





Your domain is more than just your website name – it’s a vital asset to your business and demands the highest level of protection. However, safeguarding your domain name from malicious actors can be a challenging task.


In 2023 alone, over 6,000 domain name disputes were filed through WIPO (World Intellectual Property Organization), an organization responsible for all intellectual properties, including domains, with the bulk of cases originating from Europe and North America. In this article, we’ll cover all the essentials you need to know about domain name theft, what to do if your domain is stolen, and how to prevent future attacks.


But first…


What is domain theft? 

Domain theft, also known as domain hijacking, is a malicious act in which a third party gains unauthorized access to your domain without your consent. It can happen in different ways:

  • DNS hijacking - The attacker gains access to your registrar account and changes the IP address(es) to those of a malicious site.
  • Social engineering - The attacker can launch phishing attacks and scams through emails (mimicking your domain registrar) to trick you into providing your login details. When this happens, they’ll change the registrant information on your account or transfer your domain to another registrar. 
  • Expired domains - If you fail to renew your domain on time, cybersquatters or hackers can take advantage of this opportunity to re-register your domain. 
  • Exploiting vulnerabilities in your domain registrar security system - Attackers can also take advantage of the weak security measures in your registrar's system to gain unauthorized access to your domain.


Typically, the primary reason hackers hijack a domain is for financial gain. Other reasons are:

  • To steal customer data - In some cases, hackers may launch phishing attacks to steal sensitive customer information, including credit card details and personal identification data. 
  • For reselling - This is also called cybersquatting. Hackers may steal your domain when it has expired and re-register it to resell it at a higher price. 
  • To redirect traffic - The hacker locks you out of your domain, changes the registrant information, and diverts your website traffic to a malicious or competing site. 
  • Brand impersonation - If you’re getting high website traffic or are a well-known brand, hackers can leverage your hard-earned credibility to manipulate or defraud your customers. 


So…

How do you know if your domain name is stolen?

Here are some telltale signs that your domain name has been stolen:

  1. You receive an unauthorized domain transfer email

    If you received an email from your registrar notifying you of an unauthorized change in registrant details, your domain may have been compromised. Contact your registrar immediately to recover your domain.
  2. Your domain registrant record is missing on WHOIS

    Check out the WHOIS or ICANN (Internet Corporation for Assigned Names and Numbers) record for your domain name(s). If the registrant details are in someone else’s name, it’s a clear indication that your domain has been hijacked.
  3. Your domain account has been compromised

    Try logging into your domain registrar account. If you:
    • Can’t access your account with your credentials,
    • Notice a change in the administrative info after logging in,
    • Notice your domain DNS no longer points to your nameservers, or
    • See that the domain has been transferred to a new registrar

    ...then your domain has been stolen. Contact your registrar immediately.

  4. Your website is redirecting to a malicious site

    Manually search for your website online and assess it for changes in content, functionality, or design. Also, check for redirects to malicious sites or any malicious ads on your website. If there are any, it’s a clear sign that your domain has been hijacked.
  5. You didn’t receive a domain renewal email in the last two months

    Search your email for a domain renewal email from your registrar. If you don’t have any recent records, it’s a sign that your domain may have been stolen and that your contact details have been altered.


On the other hand, it’s possible to purchase a stolen domain. So…

What happens after you buy a stolen domain?

Think about this: you got a great deal from a domain marketplace. Before purchasing the domain, you ran all the necessary checks to ensure that you were buying from a reliable and reputable vendor. Days later, after you made the payment, the actual owner of the domain reaches out with proof that the domain was sold without their consent and that they’re the rightful owner.

What will you do?

To resolve this, show proof to the actual owner that you were unaware of the situation and bought the domain in good faith. Then, reach out to the payment processor you used and ask for a refund.


If you decide to withhold the domain, the actual owner might file a lawsuit against you, and this will cost you (lots of) money and the domain name. Also, it can lead to reputational damage if the real owner decides to share the complaints online. 


How to avoid buying stolen domains

Whether you’re a small business owner or manage an enterprise site, buying and using stolen domains will only damage your business. You also risk losing your hard-earned traffic to someone else as a result of this.
To avoid buying a stolen domain:

  1. Always do your research (DYOR)
    There are several snake oil salespeople disguised as domain registrars and sellers. Always run a thorough search on the domain seller to vet their reputation and track record. Ask for opinions from other domain owners through domain groups on social media, Reddit subgroups, NamePros, DNForums, and other similar platforms. Additionally, review customer feedback on third-party sites such as TrustPilot, HostAdvice, and CyberNews.
  2. Check the domain history
    You can look up the domain history on the WHOIS database and the Wayback Machine. The WHOIS database displays the current domain owner (if the domain is not protected by domain privacy).
    On the Wayback Machine, you’ll see all the sites that were previously built on the domain. This provides an indication of the domain's legitimacy, its historical usage, and other factors that may impact its future performance.
  3. Cheap isn’t always better
    If the deal sounds too good to be true, it probably is. Steer clear of domain sellers offering you premium domain names for a meager price. Domains are valued based on factors such as length, brandability, TLD/extension, age, and keywords. You can look up your domain on Trustname to determine its value.
  4. Use reputable third-party intermediaries
    If you’re having second thoughts about the domain seller, consider using reputable third-party services, such as Escrow, to hold your payment until the domain transfer is successful and all ownership details are verified.

How to recover a stolen domain

If your domain has just been stolen, don’t fret. You can still retrieve it without waiting for it to become available again in the domain marketplace.

The first step is to let your customers (or clients) know about the situation. If you own an e-commerce site or a website that collects user personal data, release a press statement on all your digital platforms (including emails) to inform your users about the breach and encourage them to stop all transactions until the issue is resolved. 

Then, take these next steps:

  1. Contact your domain registrar/seller
    Once you notice that your domain has been stolen, reach out to your domain registrar and file a complaint. Provide all the relevant details that prove your domain has been stolen, including pictures of your registrant account on WHOIS or your registrar’s dashboard. If you received emails about an unauthorized change in registrant details or a domain transfer, include the receipts in your complaint as well. Most registrars, like Trustname, allow you to contact support through live chat, ticket options, phone calls, or a combination of all three.
  2. Check the WHOIS record
    Next, you'll want to find out who stole your domain.
    It’s possible that your domain was stolen and sold to someone else. To find out, run a quick search on the ICANN WHOIS database to retrieve the contact details of the new registrant. Once you have this data, send a cease and desist letter—a legal document that asserts your ownership of the domain and demands that the infringer stop using it immediately—via email. This letter also requires them to transfer the domain back to you; otherwise, they will face legal action.
    But if you can’t find any valuable data on WHOIS records, the hijacker likely used a WHOIS Privacy Protection Service to conceal their information. In this case, consider the other options listed below.
  3. File a registrar transfer dispute with ICANN
    This is a more expensive option, but it is effective if your domain name has already been seized. You can file a registrar transfer dispute on ICANN through the ICANN Uniform Domain Name Dispute Resolution Policy (UDRP). There’s a caveat, though. If your domain uses a ccTLD like .us, .eu, .uk, etc., you’ll need to contact the ccTLD manager in your home country.
    You can read more about the UDRP here.  
  4. Take legal action
    If you’ve exhausted all other options, your last resort is contacting a lawyer specializing in domain name or intellectual property law. You can file a lawsuit through the federal court in your home country or arbitration in WIPO. You can read more about domain name dispute resolution on WIPO here.




How to prevent domain theft

Luckily, there are several steps you can take to prevent domain theft. A few of them are:

  1. Opt for a reliable and reputable domain registrar/web host
    Instead of purchasing your domain from ‘supposed’ best sellers, choose ICANN-accredited registrars, like Trustname, to buy and manage your domain. ICANN has vetted these registrars to sell domain names, and they usually have a robust security system to keep your domain name and data secure. Look out for registrars that offer WHOIS privacy protection service, domain lock, and two-factor authentication (2FA).
  2. Enable domain locks on your account
    Domain locks act as an extra layer of security for your domain account. They help to prevent unauthorized changes or transfers to your account. Some registrars, like Trustname, give you a domain lock feature and automatically lock newly registered domains on all accounts by default.
  3. Set up two-factor authentication
    Two-factor authentication is a stronger security measure that adds an extra layer of protection to your account. In addition to your password, you’ll be required to provide a second means of verification (e.g., email or code from an authenticator app). This makes it harder for hackers to access your domain, even if your password has been compromised.

  4. Turn on auto-renewals for your domain
    Sometimes, when your domain expires without you noticing, hackers can take advantage of this opportunity to hijack and re-register it. Once this happens, it’ll be (exceptionally) difficult to recover it. To prevent this, turn on auto-renewals on your account so that your domain remains active.


    You can also register for a more extended period to prevent your domain from expiring accidentally. Additionally, you may be eligible for better offers from certain registrars, such as discounted rates or additional services. For example, at Trustname, our users save $100 for every extra year they pay for 




  5. Enable domain privacy protection (WHOIS privacy) on your account
    By default, all details about your domain are publicly shared and can be accessed in the WHOIS database. This can be risky, as hackers can easily access your personal data and send phishing scams to compromise your domain account. By enabling domain privacy protection, your details are kept private and concealed from the public.
    Trustname offers a one-of-a-kind Two-Tier WHOIS privacy package. On the first layer, we register your domain name in the name of our partner proxy company, Perfect Privacy LLC. On paper, Private Privacy LLC. will be listed as the official registrant of the domain, but you retain complete control of the domain name - Trustname guarantees this.
    And if you decide to register the domain in your own name, you still get to enjoy the generic WHOIS masking offered by other registrars on the second layer with our second partner company, WHOIS Privacy Protection Services.

  6. Change your password regularly
    When was the last time you changed the password to your administrative account? If you haven’t done so in the past 4 - 6 months, this is a reminder to change it now. Your new password should be a combination of letters, numbers, and special characters that is difficult for anyone to guess. Additionally, store your passwords securely.
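
The warning signs listed earlier (a new registrar, changed nameservers) and the prevention steps above (domain lock, timely renewal) can all be checked against the domain's public RDAP record. The following is an added example, not Trustname code: the baseline values, the 30-day renewal threshold and the sample record are constructed for illustration.

```python
from datetime import datetime, timezone

# RDAP status values that correspond to a registrar or registry transfer lock.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}

def registrar_name(rdap):
    """Return the vCard 'fn' of the entity holding the registrar role."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def audit_domain(rdap, baseline, now, renew_warn_days=30):
    """Compare an RDAP domain record with a known-good baseline."""
    findings = []
    registrar = registrar_name(rdap)
    if registrar != baseline["registrar"]:
        findings.append(f"registrar changed: {registrar}")
    seen = {ns["ldhName"].lower().rstrip(".") for ns in rdap.get("nameservers", [])}
    if seen != {n.lower().rstrip(".") for n in baseline["nameservers"]}:
        findings.append(f"nameservers changed: {sorted(seen)}")
    if not {s.lower() for s in rdap.get("status", [])} & TRANSFER_LOCKS:
        findings.append("no transfer lock set")
    for event in rdap.get("events", []):
        if event.get("eventAction") == "expiration":
            expires = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            days_left = (expires - now).days
            if days_left < renew_warn_days:
                findings.append(f"expires in {days_left} days")
    return findings

# Constructed data: a baseline saved while the domain was known-good, and an
# RDAP response as it might look after an unauthorized transfer.
BASELINE = {"registrar": "Example Registrar Ltd",
            "nameservers": ["ns1.example.net", "ns2.example.net"]}
SAMPLE_RDAP = {
    "ldhName": "example.com",
    "status": ["active"],
    "nameservers": [{"ldhName": "NS1.PARKED.EXAMPLE"}, {"ldhName": "NS2.PARKED.EXAMPLE"}],
    "entities": [{"roles": ["registrar"], "vcardArray": ["vcard", [
        ["version", {}, "text", "4.0"], ["fn", {}, "text", "Other Registrar Inc"]]]}],
    "events": [{"eventAction": "expiration", "eventDate": "2025-07-10T00:00:00Z"}],
}
NOW = datetime(2025, 6, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("\n".join(audit_domain(SAMPLE_RDAP, BASELINE, NOW)))
```

Run on a schedule against a freshly fetched RDAP response, any non-empty result is a reason to log in to the registrar account and contact support.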




How Trustname helps to safeguard your domain

  • As the rate of domain theft rises daily, prevention is a more effective option than recovery.
    This stems from using a reliable domain name registrar with a strong security system for your business.
  • At Trustname, domain security is one of our hallmarks (the most important of all, in fact). We understand that your domain name is a vital part of your business, and we’ve built a robust security system to protect it at all costs.
    In addition to the customary password protection and domain lock, all our users can enable two-factor authentication on their accounts. This reduces the risks of unauthorized access even if the password gets compromised.
  • To top it all off, we provide proprietary two-tier domain privacy to ensure your registrant details aren't accessible to the public in the first place. When you register your domain with us, your domain name is protected from public view using our WHOIS Privacy Protection Service.

  • You can also choose a ‘predefined contact’ option, where we register your domain using our partner proxy company, Private Privacy LLC, and provide you with complete control over your domain name.
    So, whenever someone searches for your domain name on the WHOIS database or any other domain lookup tool, Private Privacy LLC is listed as a registrant, shielding you from all malicious intent. The best part? All these features are FREE! Check out all our domain security features and how we help protect your online business.




